-
Notifications
You must be signed in to change notification settings - Fork 745
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
the image has many vulnerabilities scanned by trivy #205
Comments
@humblec Can you help take a look of this? |
Sure.. will fix this @xing-yang |
@stoneshi-yunify can you try 4.0.16 which is latest.. |
Ref# kubernetes-sigs#205 Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Isn't that a helm chart tag, not an image tag? Also that chart uses image tag |
Oh.. Looks like the image was not promoted in that case to the registry.. let me check and revert! |
Looks like |
the latest provisioner version is it seems that most of the vulnerabilities already solved in our
until an official version released, if you must, you can use this unofficial image of my fork that have 0 vulnerabilities: (for helm use: |
in addition the fixes already done to solve vulnerabilities , above new github action allows us to make sure we will keep it that way in the future by running trivy scan on any pull request (and every push to master) and fail if any vulnerability found (and can be fixed). |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
Is there anything new to this? |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
/remove-lifecycle rotten |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
Hi @yonatankahana - as #287 was merged two weeks ago, is there a chance the 4.0.3 will happen? |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close not-planned |
@k8s-triage-robot: Closing this issue, marking it as "Not Planned". In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
The text was updated successfully, but these errors were encountered: