Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address "High" vulnerabilities in SNYK scans of KServe #73

Closed
heyselbi opened this issue Aug 30, 2023 · 5 comments · Fixed by #79
Closed

Address "High" vulnerabilities in SNYK scans of KServe #73

heyselbi opened this issue Aug 30, 2023 · 5 comments · Fixed by #79
Assignees
@Xaenalt @israel-hdez
Labels
good first issue Good for newcomers kind/security Indicates that this is a security issue that should be addressed

Comments

@heyselbi
Copy link

heyselbi commented Aug 30, 2023
edited

Check all the SNYK repo scans, some have "high" and "critical" vulnerabilities, some don't:
Kserve repo: https://app.snyk.io/org/red-hat-openshift-data-science-rhods/projects?groupBy=targets&searchQuery=kserve&sortBy=highest+severity&filters[Show]=vuln-groups&filters[Integrations]=&before&after --> note: vulnerabilities in docs/ and python/ folder can be ignored as they are not used in production.
TGIS repo: https://app.snyk.io/org/red-hat-openshift-data-science-rhods/projects?groupBy=targets&searchQuery=text&sortBy=highest+severity&filters[Show]=vuln-groups&filters[Integrations]=&before&after
Caikit repos: https://app.snyk.io/org/red-hat-openshift-data-science-rhods/projects?groupBy=targets&searchQuery=caikit&sortBy=highest+severity&filters[Show]=vuln-groups&filters[Integrations]=&before&after
ModelMesh repos: https://app.snyk.io/org/red-hat-openshift-data-science-rhods/projects?groupBy=targets&searchQuery=model&sortBy=highest+severity&filters[Show]=vuln-groups&filters[Integrations]=&before&after
https://app.snyk.io/org/red-hat-openshift-data-science-rhods/projects?groupBy=targets&searchQuery=rest&sortBy=highest+severity&filters[Show]=vuln-groups&filters[Integrations]=&before&after

Quay images:
quay.io/modh
kserve-storage-initializer

quay/opendatahub-io --> for this, we probably should just do a rebuild because downstream (red-hat-data-services) already have updated images with no critical or high vulnerabilites except the kserve-storage-initiliazer
kserve-storage-initializer
kserve-alibi-explainer
kserve-art-explainer
caikit-tgis-serving --> fast tag needs an updated image
@heyselbi heyselbi added the kind/security Indicates that this is a security issue that should be addressed label Aug 30, 2023
@heyselbi heyselbi linked a pull request Sep 7, 2023 that will close this issue
Update dependencies to resolve security scans #79
Merged
@heyselbi
Copy link
Author

heyselbi commented Sep 12, 2023
edited

Current status:
KServe SNYK:

  • 12 High in Code analysis
  • 5 in go.mod

@Xaenalt should we deactivate the scanning of python/ folder? A lot of vulnerabilities come up there.

TGIS SNYK: none

Caikit SNYK: none

Haven't checked the Quay images.

@Xaenalt
Copy link

Xaenalt commented Sep 12, 2023

The python/ folder is used for the storage-initializer, we need a few subfolders there sadly

@heyselbi heyselbi added the good first issue Good for newcomers label Sep 14, 2023
@heyselbi heyselbi changed the title Address all "High" vulnerabilities in quay and SNYK scans Address all "High" vulnerabilities in quay and SNYK scans of KServe/Caikit/TGIS Sep 14, 2023
@heyselbi heyselbi changed the title Address all "High" vulnerabilities in quay and SNYK scans of KServe/Caikit/TGIS Address all "High" vulnerabilities in SNYK scans of KServe/Caikit/TGIS Sep 14, 2023
@heyselbi heyselbi changed the title Address all "High" vulnerabilities in SNYK scans of KServe/Caikit/TGIS Address "High" vulnerabilities in SNYK scans of KServe/Caikit/TGIS Sep 14, 2023
@bdattoma
Copy link

bdattoma commented Sep 26, 2023
edited

Current status: KServe SNYK:

  • 12 High in Code analysis
  • 5 in go.mod

@Xaenalt should we deactivate the scanning of python/ folder? A lot of vulnerabilities come up there.

TGIS SNYK: none

Caikit SNYK: none

Haven't checked the Quay images.

are these 12 High vulnerabilities supposed to be fixed by this issue? @heyselbi

@heyselbi
Copy link
Author

@bdattoma Yes they are supposed be either fixed or addressed. @israel-hdez will be working on it.

@heyselbi heyselbi changed the title Address "High" vulnerabilities in SNYK scans of KServe/Caikit/TGIS Address "High" vulnerabilities in SNYK scans of KServe Sep 27, 2023
@heyselbi
Copy link
Author

Closing this issue as @Xaenalt PR addressing several KServe vulnerabilities is already included in RHODS 1.33. Here is the follow up ticket for addressing the rest of the KServe issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Xaenalt Xaenalt

@israel-hdez israel-hdez

Labels
good first issue Good for newcomers kind/security Indicates that this is a security issue that should be addressed
Projects
Internal tracking
Status: No status
ODH Feature Tracking
Status: No status
ODH Model Serving Planning
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update dependencies to resolve security scans Xaenalt/kserve
4 participants
@Xaenalt @israel-hdez @heyselbi @bdattoma