CNB has no new version published. We need example of Rebase. #169
Comments
|
We release updates to the base images very frequently. Could you please share the details of which CVEs you are finding in the images and how you are scanning? AR auto scanning turns up a few low severity CVEs but none of them have patches available so an update won't help. |
|
I agree we need better documentation on how to rebase to update the base image layers. We should also provide docs on how to remove unnecessary packages from the base image. This would allow users to eliminate CVEs that were introduced by packages that are not required by their application. |
matthewrobertson
added
the
kind/documentation
|
We just published an updated builder using Ubuntu 22 as the base image. This builder has substantially fewer CVEs, see #271 I think the remaining work here might be to demonstrate how to execute a rebase. |
|
@msathe-tech you can check out my demo of how to use rebase in my post here #300 Feedback welcome! |
gcr.io/buildpacks/builder:v1 for Java apps has 36 CVEs.
There is no new version published.
We also need a new version to check out the Rebase functionality.
The text was updated successfully, but these errors were encountered: