I've been receiving security issues from Snyk's container scanning on my java 11 app. There are recommendations to update the packages inside but I can't seem to find how using Maven Jib. Below are what I've tested so far.
- eclipse-temurin:11.0.17_8-jre
- maven:3.8.5-eclipse-temurin-11-alpine
- gcr.io/distroless/java11
- java11-debian11
- amazoncorretto:11
- adoptopenjdk/openjdk11-alpine
- adoptopenjdk/openjdk11-alpine-slim
- adoptopenjdk/openjdk11-alpine-jre
Eclipse Temurin is maintained and works for me. The version eclipse-temurin:11.0.18_10-jre currently covers the high risk vulnerabilities reported by Snyk.