Rebuild base images at release time to fix CVEs #2768
Comments
@dkoshkin thanks for reporting this issue. We have just re-built the base driver image and pushed it as latest.
Thanks @divyenpatel, just verified and see it
What is the cadence of these being rebuilt? Any way to make it automated so that new releases pick up the CVE fixes?
We do re-build on every major new release.
We are thinking of merging it with the driver and syncer image so we don't need to worry about rebuilding the base image for every release.
👍 That makes sense to me @divyenpatel, please let me know if I can help with that effort.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
Is this a BUG REPORT or FEATURE REQUEST?:
What happened:
The base image gcr.io/cloud-provider-vsphere/extra/csi-driver-base:latest used by the driver and syncer has some CRITICAL and HIGH CVEs.
CVEs in gcr.io/cloud-provider-vsphere/extra/csi-driver-base:latest
I've rebuilt the base image from main and it had 0 Critical/High CVEs.
CVEs in gcr.io/cloud-provider-vsphere/extra/csi-driver-base:100d56ab
What you expected to happen:
Can we consider rebuilding the base image on every release, somewhere in https://github.com/kubernetes-sigs/vsphere-csi-driver/blob/master/hack/release.sh?
How to reproduce it (as minimally and precisely as possible):
Check CVEs:
Anything else we need to know?:
I would be happy to work on this if someone can point me in the right direction.
Environment:
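A release-time gate for the request above, as an added example that is not part of the original issue or the project's hack/release.sh: it reads a scanner report and fails when CRITICAL/HIGH findings have a published fix that a base-image rebuild could pick up. It assumes Trivy's JSON report layout (the issue does not name its scanner); the report, package names and CVE ids below are constructed placeholders.

```python
import json

# Constructed sample in the layout of `trivy image --format json` output.
# Assumption: the scanner is Trivy; all ids and package names are placeholders.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "csi-driver-base (constructed)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
         "Severity": "CRITICAL", "InstalledVersion": "1.0", "FixedVersion": "1.1"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
         "Severity": "HIGH", "InstalledVersion": "2.0"},           # no fix published
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample",
         "Severity": "MEDIUM", "InstalledVersion": "1.0", "FixedVersion": "1.1"},
    ]},
    {"Target": "usr/bin/tool (constructed)"},   # a target with no findings has no list
]})

BLOCKING = {"CRITICAL", "HIGH"}


def triage(report_json, blocking=BLOCKING):
    """Split blocking findings into (fix published, no fix yet)."""
    report = json.loads(report_json)
    fixable, unfixed = set(), set()
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity", "UNKNOWN").upper() not in blocking:
                continue
            entry = (vuln["VulnerabilityID"], vuln["PkgName"])
            # A published FixedVersion means a fresh build can pull the patch.
            (fixable if vuln.get("FixedVersion") else unfixed).add(entry)
    return sorted(fixable), sorted(unfixed)


def release_gate(report_json):
    """Return (exit_code, message); non-zero when a rebuild is warranted."""
    fixable, unfixed = triage(report_json)
    summary = f"{len(fixable)} fixable CRITICAL/HIGH, {len(unfixed)} without a fix"
    if fixable:
        return 1, "rebuild base image: " + summary
    return 0, "ok: " + summary


if __name__ == "__main__":
    code, message = release_gate(SAMPLE_REPORT)
    print(message)
    raise SystemExit(code)
```

Findings without a fix are reported but do not fail the gate, since rebuilding the image would not remove them.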