You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is mostly an FYI for the maintainers and for users that the current upstream v2.0 image has some vulnerabilities according to the Google Container Registry vulnerability scanner:
Critical 0
High 176
Medium 457
Certainly, some of these vulnerabilities are not meaningful in the context of a Docker container running k8s-snapshots, e.g. an openssh vulnerability which "allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket".
I rebuilt current master (b21015c) on top of the latest python:3.6 image. Doing this reduces the total to High 26, Medium 147.
I tried to build current master with python:3.6-alpine but it didn't work (I didn't dig any further):
ERROR: Could not build wheels for aiohttp which use PEP 517 and cannot be installed directly
I also tried with python:37-alpine (same buildtime error as above) and python:37 (runtime error: TypeError: 'async for' received an object from _aiter_ that does not implement _anext_: generator).
Feel free to close this if it isn't helpful. My team thought we should pass on what we'd noticed and learned. Thanks for k8s-snapshots. :)
The text was updated successfully, but these errors were encountered:
Thanks for the PR, I've merged it. I'm not sure about how feasible it is chase the security scanner reports, since as you say, some of them may not be applicable/exploitable, but certainly some might be, and we should rebuild the image regularly with available fixes.
I am assuming with an alpine-base and the latest versions, the situation now looks better, but please open another PR if more can be done.
This is mostly an FYI for the maintainers and for users that the current upstream v2.0 image has some vulnerabilities according to the Google Container Registry vulnerability scanner:
Certainly, some of these vulnerabilities are not meaningful in the context of a Docker container running k8s-snapshots, e.g. an openssh vulnerability which "allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket".
I rebuilt current master (b21015c) on top of the latest
python:3.6
image. Doing this reduces the total toHigh 26, Medium 147
.I tried to build current master with
python:3.6-alpine
but it didn't work (I didn't dig any further):I also tried with
python:37-alpine
(same buildtime error as above) andpython:37
(runtime error:TypeError: 'async for' received an object from _aiter_ that does not implement _anext_: generator
).Feel free to close this if it isn't helpful. My team thought we should pass on what we'd noticed and learned. Thanks for k8s-snapshots. :)
The text was updated successfully, but these errors were encountered: