Some vulnerabilities have been identified in the final Docker image from scans carried out internally. The majority of these are coming from the underlying OS (and a minority from old dependencies and the Java version).
Internally we have fixed this in other projects by switching to distroless images from Google, which are extremely minimal (basically only containing Java). I'm not sure if that is going to be the best solution here as we don't know exactly how other users are using this. Even internally, different templating engines are installed in different projects and that would no longer work with distroless.
I think the majority of these issues can be resolved by just upgrading to the latest stable versions of Alpine and Java 11. Also, there shouldn't be any need to do things like installing bash into the base image (but if we keep Alpine, at least it gives the option to users to easily install whatever they need, e.g. to debug or add templating to the configuration).
The majority of these issues were resolved in #51 (available in version 0.14.0). I've created #52, #54 and #55 to cover the remaining issues individually.