New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update images to address CVEs 24.01.23 #109
Comments
Trivy report as 24.01.23. |
#109 Summary of changes: - Updated image definitions in kubeflow/ to resolve some CVEs
#109 Summary of changes: - Updated Dockerfile for jupyter-pytorch.
Applied suggested fixes. Detailer report per image
|
Trivy reports as of 25.01.23 |
Updated selected images are published https://hub.docker.com/repositories/charmedkubeflow |
1 (one) unfixed Critical CVE-2022-45907 in
|
Integration tests with updated containers:
|
#109 Summary of changes: - Added a list of container images to be published. Not all are required to be in dockerhub.
#109 Summary of changes: - Updated OCI images to point to re-built images in dockerhub. - Updated publish.sh to publish only limited list of images.
First iteration is complete. Closing. |
Address CVEs 24.0.1.23
Initial CVE scans report
All images rebuilt in current state as of 24.01.23
CRITICAL=39 HIGH=188 MEDIUM=573 LOW=34
Excluding builder images
CRITICAL=11 HIGH=97 MEDIUM=496 LOW=16
Initial detailed report per image
Implementation details
v1.17
vsv1.19
changes caused problem ingo mod download
command:If the main module's go.mod file specifies go 1.17 or higher, go mod download without arguments now downloads source code for only the modules explicitly required in the main module's go.mod file. (In a go 1.17 or higher module, that set already includes all dependencies needed to build the packages and tests in the main module.) To also download source code for transitive dependencies, use go mod download all.
Had to change to
go mod download all
to build container properly.Testing
Integration testing needs to pass after any updates.
The text was updated successfully, but these errors were encountered: