You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey Team, I have a few questions about the VPC CNI and EKS add-ons in general.
Are releases typically vetted for GovCloud, and are they checked to see if they introduce any vulnerabilities compared to the commercial version or are they both treated the same? Comparing both release manifests, they seem to be the same except for using different ECR sources for amazon-k8s-cni-init and aws-network-policy-agent. I also looked at the Makefile and didn't see where the build difference would be. I might be wrong; any insights on this subject are welcome 😄
What process does the VPC CNI team use to scan the final image against any CVEs, or does that fall under the Shared Responsibility Model?
Is the end user still responsible for scanning the image, even if this image is distributed to GovCloud?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hey Team, I have a few questions about the VPC CNI and EKS add-ons in general.
Are releases typically vetted for GovCloud, and are they checked to see if they introduce any vulnerabilities compared to the commercial version or are they both treated the same? Comparing both release manifests, they seem to be the same except for using different ECR sources for
amazon-k8s-cni-initandaws-network-policy-agent. I also looked at the Makefile and didn't see where the build difference would be. I might be wrong; any insights on this subject are welcome 😄What process does the VPC CNI team use to scan the final image against any CVEs, or does that fall under the Shared Responsibility Model?
Beta Was this translation helpful? Give feedback.
All reactions