How to address security vulnerabilities in current azure functions docker images provided and used by Microsoft itself?

paulocorreia 6 Reputation points
2021-08-13T13:59:53.503+00:00

Hi,

Recently we started doing security assessments on our cloud resources, and to our surprise we found out that the images from Microsoft we're relying on have a considerable number of vulnerabilities to be fixed!

Most of them have had fixes available for some time, yet they remain unpatched.

We're talking about SDK images (OK, these are not used as runtime, but they should still be patched), and most importantly, the runtime images that actually run the applications!

A simple docker scan gave the following results:

  • mcr.microsoft.com/azure-functions/dotnet:3.0-appservice
    Docker scan result: [screenshot]
  • mcr.microsoft.com/dotnet/core/sdk:3.1
    Docker scan result: [screenshot]
  • mcr.microsoft.com/azure-functions/python:3.0-python3.8-appservice
    Docker scan result: [screenshot]
  • mcr.microsoft.com/azure-functions/python:3.0-python3.8-core-tools
    Docker scan result: [screenshot]

Alternatives are to... compile almost everything from source, as you might guess, for the customer that's not acceptable.

Can the customer do anything here to help?


1 answer

  1. MayankBargali-MSFT 70,986 Reputation points Moderator
    2021-08-16T04:40:00.26+00:00

    @paulocorreia Can you create the issue in azure function docker so the team can look into this further? Please share the violation scan reports when you create the issue in the azure function docker repository. As per the screenshot, I couldn't see more details in the vulnerabilities part on what CVEs are causing this issue.

    If there is an issue with CVEs mentioned in your violations report and the issue is with the underlying Debian image that is used for functions, then this needs to be fixed first in the Debian base image by the Debian team. Once the issue is fixed by them, we can fix the same at our end with the base image used.

    For vulnerabilities caused at our end, or ones that Debian has already fixed in their base image, the function docker team can help in fixing it.

    There are many reasons for CVEs to still be shown in production images at Debian's end, and you can read this for information: https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves

    If there are any CVEs that you think might affect you, you can track them using this link: https://security-tracker.debian.org/tracker/
    Further, you can raise the issue with Debian for specific CVEs that are related to the Debian base image.

