Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: remove Jython's pip from image #1174

Closed
iromli opened this issue Apr 6, 2022 · 0 comments · Fixed by #1176
Closed

feat: remove Jython's pip from image #1174

iromli opened this issue Apr 6, 2022 · 0 comments · Fixed by #1176
Assignees
@iromli @moabu
Labels
comp-docker-jans-auth-server comp-docker-jans-scim enhancement kind-feature Issue or PR is a new feature request

Comments

@iromli
Copy link
Contributor

iromli commented Apr 6, 2022
edited
Loading

Is your feature request related to a problem? Please describe.

Jython's pip triggers vulnerability as reported by security scanner. In the janssenproject/auth-server image, we are using pip to install pydevd remote debugger. After reviewing the usage, we can safely remove pip after pydevd installation.

Another image that using Jython's pip is janssenproject/scim.

Describe the solution you'd like

  1. Remove Jython's pip after pydevd installation
  2. Exclude ensurepip module while installing Jython
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@iromli iromli

@moabu moabu

Labels
comp-docker-jans-auth-server comp-docker-jans-scim enhancement kind-feature Issue or PR is a new feature request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: remove Jython's pip from images JanssenProject/jans
3 participants
@iromli @moabu @mo-auto