Skip to content

fix(atlas): Bump Atlas version #2366

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
javirln merged 1 commit into from
Aug 18, 2025
Merged

fix(atlas): Bump Atlas version #2366

javirln merged 1 commit into from
Aug 18, 2025

Conversation

@javirln
Copy link
Member

@javirln javirln commented Aug 18, 2025

This patch upgrades Atlas to a newer version that addresses and removes existing CVEs.

❯ trivy image arigaio/atlas@sha256:2a621eff7cc837aec47f6504f17bfc95659ad7198f6e93f4145046b831a72066
2025-08-18T12:37:26+02:00	INFO	[vuln] Vulnerability scanning is enabled
2025-08-18T12:37:26+02:00	INFO	[secret] Secret scanning is enabled
2025-08-18T12:37:26+02:00	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-08-18T12:37:26+02:00	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-08-18T12:37:26+02:00	INFO	Detected OS	family="debian" version="12.11"
2025-08-18T12:37:26+02:00	INFO	[debian] Detecting vulnerabilities...	os_version="12" pkg_num=4
2025-08-18T12:37:26+02:00	INFO	Number of language-specific files	num=1
2025-08-18T12:37:26+02:00	INFO	[gobinary] Detecting vulnerabilities...

arigaio/atlas@sha256:2a621eff7cc837aec47f6504f17bfc95659ad7198f6e93f4145046b831a72066 (debian 12.11)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

❯ grype arigaio/atlas@sha256:2a621eff7cc837aec47f6504f17bfc95659ad7198f6e93f4145046b831a72066
 ✔ Vulnerability DB                [updated]
 ✔ Loaded image                                                     arigaio/atlas@sha256:2a621eff7cc837aec47f6504f17bfc95659ad7198f6e93f4145046b831a72066
 ✔ Parsed image                                                                   sha256:b94f3133de10d506beb99dcbcfeb674322543bb98cb9f8b4a4cf664c21eba1d2
 ✔ Cataloged contents                                                                    cc87f5afab2521cf6667018f8beaa95c056908ba7053c5a9b97fe1e674803c7c
   ├── ✔ Packages                        [166 packages]
   ├── ✔ Executables                     [1 executables]
   ├── ✔ File metadata                   [947 locations]
   └── ✔ File digests                    [947 files]
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored
[0000]  WARN current database is invalid error=the vulnerability database was built 8 weeks ago (max allowed age is 5 days)
No vulnerabilities found

@javirln javirln self-assigned this Aug 18, 2025
@javirln
fix(atlas): Bump Atlas version
10d627a 
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
@javirln javirln force-pushed the feat/bump-atlas-version branch from 703a886 to 10d627a Compare August 18, 2025 10:54
@javirln javirln merged commit b75b7bc into chainloop-dev:main Aug 18, 2025
13 checks passed
javirln added a commit to javirln/chainloop that referenced this pull request Aug 19, 2025
@javirln
Revert "fix(atlas): Bump Atlas version (chainloop-dev#2366)"
3bf79b1 
This reverts commit b75b7bc.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@migmartri migmartri migmartri approved these changes

@jiparis jiparis Awaiting requested review from jiparis

@Piskoo Piskoo Awaiting requested review from Piskoo

Assignees

@javirln javirln

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@javirln @migmartri