You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docker run --entrypoint /bin/sh quay.io/freedomofpress/gke-gs-bucket-backup:master_680c45a -c 'dpkg -l' | less
And you can see that the critical warnings for linux is because linux-libc-dev, the kernel headers which are built from the linux source package, are installed. Obviously a kernel is not installed.
So, let's research how to make these scans more useful - it sounds like this is probably an issue many Quay users have encountered and may have solutions for.
The text was updated successfully, but these errors were encountered:
Having trouble loading any of the scans right now:
Based on prior output I've seen, there's definitely a ton of noise in those scan reports. Granted, we took a while to update our images, but I've also seen quay complaining about old package versions without taking into account backported security fixes, e.g. from Canonical for ubuntu images. Looks like Quay runs "Clair" to handle the scanning:
Here's the scan Quay ran on the latest CI-built image for
gke-gs-bucket-backup
from this repo: https://quay.io/repository/freedomofpress/gke-gs-bucket-backup/manifest/sha256:b28507c41e51ae64bb95d13e89a5c502061eb0a99043e76bdd3b47de038fdb90?tab=vulnerabilities (that's tagmaster_680c45a
). There's a lot there! You can check the packages in the container with:And you can see that the critical warnings for linux is because
linux-libc-dev
, the kernel headers which are built from the linux source package, are installed. Obviously a kernel is not installed.So, let's research how to make these scans more useful - it sounds like this is probably an issue many Quay users have encountered and may have solutions for.
The text was updated successfully, but these errors were encountered: