Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updating base images to fix vulnerabilities #643

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

fallard84
Copy link
Contributor

The current base images used to build kamus images are old and contains many vulnerabilities.

This PR:

  • Updates the init-container base image to use the latest node 14 on alpine.
  • Changes the base image of the dotnet apps from debian to ubuntu. The latest debian buster image contains many critical and high vulnerabilities. The latest ubuntu focal image contains fewer vulnerabilities and only medium at most (as per snyk).
  • Updates the dotnet base image to use the new repo (as per Breaking Change: .NET Docker Repo Name Change dotnet/dotnet-docker#2375)
  • Set explicits user and group ids for the dotnet user

I tried to run the dotnet apps using the latest alpine image, but got stuck on the multiple issue of the grpc core library in alpine (as per grpc/grpc#21446). I tried multiple options as recommended in the issue, but in the end I was only able to reproduce the segfault issue #455. The only work-around that I could get working was by downgrading lib6-compat to 1.19 (as per grpc/grpc#21446 (comment)) but it introduces different critical and high vulnerabilities because of older version of apk and musl.

When the Google KMS package migrate to the latest Grpc.Net.Client package (planned 2022 Q1 or Q2), we should be able to ditch ubuntu and run kamus on alpine, reducing the attack surface even further.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant