To reduce the potential attack surface and thus the number of vulnerabilities in our images, we should try to remove all unnecessary dependencies.
The basic idea is to look for dependencies that are not really needed at runtime and remove them.
Some vague examples:
Unneeded JAR files
System packages (maybe set install_weak_deps=0 option for microdnf?)
Packages that are needed for features that are never enabled in our platform
A good place to start might be to browse through critical vulnerabilities in SecObserve, inspect the components that are affected by them and verify if they are really needed. Or to think about general options / techniques to clean up our images.
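As an added illustration of the microdnf idea above (not code from the issue or from the Stackable repositories), this Dockerfile layer contrasts a default install with one that refuses weak dependencies and documentation; the base image, package name and the `--setopt` flags are assumptions, not something the issue specifies.

```dockerfile
# Added example, not part of the original issue. Base image and package are
# placeholders; check that your microdnf version accepts the --setopt flags.
FROM registry.access.redhat.com/ubi9/ubi-minimal:latest

# Before: weak dependencies (Recommends/Supplements) and documentation are
# pulled in by default, enlarging the image and its exposure to CVEs.
# RUN microdnf install -y java-17-openjdk-headless && microdnf clean all

# After: disable weak dependencies, skip docs, and clean the package cache in
# the same layer so nothing from the install step lingers in the image.
RUN microdnf install -y \
        --setopt=install_weak_deps=0 \
        --setopt=tsflags=nodocs \
        java-17-openjdk-headless \
    && microdnf clean all \
    && rm -rf /var/cache/yum /var/cache/dnf

# Record the installed package set so the difference between the two variants
# can be reviewed (and fed to a scanner such as SecObserve) without a shell
# in the running container.
RUN rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' | sort \
        > /usr/share/installed-packages.txt
```

Comparing `installed-packages.txt` between the two variants shows which packages were only weak dependencies and are candidates for removal.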
Closing this as this was part of the vulnerability hackathon (my main concerns were addressed in #665 and stackabletech/operator-templating#361). We'll remove further unnecessary dependencies if we find some during vulnerability analysis, I don't think we need a general issue for this anymore.