Address "High" vulnerabilities in SNYK scans of KServe #73
Comments
Current status:
@Xaenalt should we deactivate the scanning of python/ folder? A lot of vulnerabilities come up there.
TGIS SNYK: none
Caikit SNYK: none
Haven't checked the Quay images.
The python/ folder is used for the storage-initializer, we need a few subfolders there sadly
Are these 12 High vulnerabilities supposed to be fixed by this issue? @heyselbi
@bdattoma Yes, they are supposed to be either fixed or addressed. @israel-hdez will be working on it.
Check all the SNYK repo scans, some have "high" and "critical" vulnerabilities, some don't:
Kserve repo: https://app.snyk.io/org/red-hat-openshift-data-science-rhods/projects?groupBy=targets&searchQuery=kserve&sortBy=highest+severity&filters[Show]=vuln-groups&filters[Integrations]=&before&after --> note: vulnerabilities in docs/ and python/ folder can be ignored as they are not used in production.
TGIS repo: https://app.snyk.io/org/red-hat-openshift-data-science-rhods/projects?groupBy=targets&searchQuery=text&sortBy=highest+severity&filters[Show]=vuln-groups&filters[Integrations]=&before&after
Caikit repos: https://app.snyk.io/org/red-hat-openshift-data-science-rhods/projects?groupBy=targets&searchQuery=caikit&sortBy=highest+severity&filters[Show]=vuln-groups&filters[Integrations]=&before&after
ModelMesh repos: https://app.snyk.io/org/red-hat-openshift-data-science-rhods/projects?groupBy=targets&searchQuery=model&sortBy=highest+severity&filters[Show]=vuln-groups&filters[Integrations]=&before&after
https://app.snyk.io/org/red-hat-openshift-data-science-rhods/projects?groupBy=targets&searchQuery=rest&sortBy=highest+severity&filters[Show]=vuln-groups&filters[Integrations]=&before&after
Quay images:
quay.io/modh
kserve-storage-initializer
quay/opendatahub-io --> for this, we probably should just do a rebuild because downstream (red-hat-data-services) already has updated images with no critical or high vulnerabilities except the kserve-storage-initializer
kserve-storage-initializer
kserve-alibi-explainer
kserve-art-explainer
caikit-tgis-serving --> fast tag needs an updated image