New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: container vulnerabilities #149
Comments
That's really weird. We run apt upgrade on every image build. Which vulnerabilities is it complaining about? |
for example: Name Installed version / Fixed version Package manager File path most of the errors seem to be related to this externals/node12 directory... |
That's part of https://github.com/actions/runner. I'm not sure we can do more than open a ticket for them to update it. |
yes figured out the same. There`s already an issue open ... actions/runner#2145 |
I'm surprised it has so little upvotes. |
same opinion - but would have expected that gh keeps it more up to date.... |
Maybe this will be resolved once Node 12 is completely removed. It's already deprecated. https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ |
Hey,
I use codebuild for my runners and the default linux image (no custom image) provided.
Ecr has the capability to do a vulnerability scan (https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html).
I found a lot of critical security vulnerabilities inside of the container image.
Do you have a clue why ?
br,
flo
The text was updated successfully, but these errors were encountered: