Approach for applying npm security patches to Docker Images #1401
Comments
I suggest we approach this from two perspectives: 1. Capacity-wise, we may have to make a decision to support the last 3 or 4 versions with security patches but still support more versions functionality-wise. 2. Where fixing a security vulnerability is only possible through a version upgrade for a specific version, then we will have to explore how that vulnerability can be mitigated. @elnyry
I think there's 2 considerations here, with respect to the developer experience:
@elnyry here's a thread I found on re-pulling updated images for security updates: kubernetes/kubernetes#33664
Noted @lewisdaly. Expanding your second point a bit, I think we should explore how we can build a way for an administrator to run a command to first check for vulnerabilities on a particular release/version and also have an option to apply the latest security patches where they exist. From a risk perspective, we should explore a way where we can put a risk score or rating per version so the adopters can make their decision according to the risk level they're willing to accept.
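As an added example (not code from this issue or the project), the following script takes the `npm audit --json` output captured for each release tag and reports a weighted risk score, a rating an adopter can compare against their appetite, and how many findings already have a fix available. The severity weights, rating thresholds, sample reports and the npm 7+ JSON layout are all assumptions.

```python
"""Rate `npm audit --json` results per release tag so an operator can compare versions.
Assumes the npm 7+ layout: `metadata.vulnerabilities` holds per-severity counts and
`vulnerabilities` lists each package with a `fixAvailable` field."""
import json

# Assumed weighting and thresholds; the thread asks for a risk score but defines none.
SEVERITY_WEIGHTS = {"critical": 10, "high": 5, "moderate": 2, "low": 1, "info": 0}
RATING_THRESHOLDS = [(0, "clean"), (4, "low"), (19, "medium")]  # score <= bound -> rating


def risk_score(report):
    """Weighted sum of the per-severity counts in one parsed audit report."""
    counts = report.get("metadata", {}).get("vulnerabilities", {})
    return sum(SEVERITY_WEIGHTS.get(sev, 0) * int(n) for sev, n in counts.items())


def risk_rating(score):
    """Bucket a score into a rating an adopter can accept or reject."""
    for bound, rating in RATING_THRESHOLDS:
        if score <= bound:
            return rating
    return "high"


def patchable(report):
    """Count findings npm marks as fixable, i.e. where a security patch already exists."""
    return sum(1 for v in report.get("vulnerabilities", {}).values() if v.get("fixAvailable"))


def rate_releases(audits):
    """Map release tag -> summary, worst release first; `audits` is {tag: audit JSON text}."""
    summary = {}
    for tag, raw in audits.items():
        report = json.loads(raw)
        score = risk_score(report)
        summary[tag] = {"score": score, "rating": risk_rating(score), "patchable": patchable(report)}
    return dict(sorted(summary.items(), key=lambda kv: kv[1]["score"], reverse=True))


# Constructed sample reports (not real audit output) for a base release and its patch tag.
SAMPLE_AUDITS = {
    "10.1.0": json.dumps({
        "vulnerabilities": {"pkg-a": {"severity": "high", "fixAvailable": True},
                            "pkg-b": {"severity": "critical", "fixAvailable": False}},
        "metadata": {"vulnerabilities": {"info": 0, "low": 2, "moderate": 1, "high": 3, "critical": 1}}}),
    "10.1.0-patch1": json.dumps({
        "vulnerabilities": {},
        "metadata": {"vulnerabilities": {"info": 0, "low": 2, "moderate": 0, "high": 0, "critical": 0}}}),
}
```

Calling `rate_releases(SAMPLE_AUDITS)` lists the unpatched 10.1.0 first with a "high" rating and one fixable finding, and 10.1.0-patch1 as "low".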
Thanks @lewisdaly, @godfreykutumela for the inputs and thoughts, I'll go through these resources and your inputs and suggest a guidance here - will continue with the versioning team..
Discussed with Lewis, Matt and Miguel to use an Operator pattern. @matdehaast also proposed using a controller pattern which may be simpler, investigating this.
Some notes (from Lewis's mid-pi review presentation)
Thanks @elnyry-sam-k and I will chat to @lewisdaly regarding follow through stories to action the 3 points from the notes above.
Thanks @godfreykutumela, I'll create a story to actually do a PoC for this service in #3 , will keep you posted.. Thanks @lewisdaly and @matdehaast
Okay that's perfect, thanks @elnyry-sam-k
Goal:
As a hub operator, I want regular security patches applied to my running system, so I can ensure a secure and reliable environment.
10.1.0 or 10.1.0-patch1
Tasks:
Acceptance Criteria:
Pull Requests:
Follow-up:
Dependencies:
Accountability: