Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reduce the number of vulnerabilities #17

Open
3 tasks
RothAndrew opened this issue Jun 13, 2023 · 0 comments
Open
3 tasks

Reduce the number of vulnerabilities #17

RothAndrew opened this issue Jun 13, 2023 · 0 comments
Labels
help wanted Extra attention is needed

Comments

@RothAndrew
Copy link
Member

RothAndrew commented Jun 13, 2023
edited
Loading

As a user of Build Harness that works in a secure environment, I want BH to have fewer vulnerabilities than it has now, so that my environment may be more secure.

As a user of Build Harness that works in a regulated environment, I want vulnerability scanners like Grype to report that Build Harness has fewer CVEs than it does now, so that I can use it without having to justify so many vulnerabilities in my compliance paperwork.

Acceptance Criteria
Beta Give feedback

Notes:

  • A recent scan of Build Harness showed 1 critical, 65 high, 249 medium, and 160 low CVEs
  • A likely avenue for being able to do this without making big sweeping changes is to evaluate whether there are any tools that are reporting CVEs that are not absolutely required and can be subject to removal from the image.
@RothAndrew RothAndrew added the help wanted Extra attention is needed label Jun 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@RothAndrew