feat(ci): add Docker Scout vulnerabilities scanning #8871
Merged
gustavovalverde added the A-devops (Area: Pipelines, CI/CD and Dockerfiles), C-security (Category: Security issues), C-feature (Category: New features) and P-Critical 🚑 labels on Sep 18, 2024
github-actions bot added the C-trivial (Category: A trivial change that is not worth mentioning in the CHANGELOG) label on Sep 18, 2024
Need a workaround for: docker/scout-action#16
Overview

Environment Variables (1 change)

```diff
+APP_HOME=/opt/zebrad
 FEATURES=default-release-binaries
 GID=10001
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 UID=10001
 USER=zebra
 ZEBRA_CONF_DIR=/etc/zebrad
 ZEBRA_CONF_FILE=zebrad.toml
```

Labels (3 changes)

```diff
-org.opencontainers.image.created=2024-08-28T12:08:34.422Z
+org.opencontainers.image.created=2024-09-19T11:30:03.656Z
 org.opencontainers.image.description=Zcash - Financial Privacy in Rust 🦓
 org.opencontainers.image.licenses=Apache-2.0
-org.opencontainers.image.revision=bf4d253897bb3d67cecea6e73562cbe111e2b7f2
+org.opencontainers.image.revision=6dbc86e75e4c2c61cdc96bb9e0e690a5fcfc5243
 org.opencontainers.image.source=https://github.com/ZcashFoundation/zebra
 org.opencontainers.image.title=zebra
 org.opencontainers.image.url=https://github.com/ZcashFoundation/zebra
-org.opencontainers.image.version=1.9.0
+org.opencontainers.image.version=pr-8871
```

Packages and Vulnerabilities (9 package changes and 0 vulnerability changes)

Changes for packages of type

| | Package | Version (zfnd/zebra:latest) | Version (us-docker.pkg.dev/zfnd-dev-zebra/zebra/zebrad:pr-8871) |
|---|---|---|---|
| ♾️ | base-files | 12.4+deb12u6 | 12.4+deb12u7 |
| ♾️ | curl | 7.88.1-10+deb12u6 | 7.88.1-10+deb12u7 |
| ♾️ | libc-bin | 2.36-9+deb12u7 | 2.36-9+deb12u8 |
| ♾️ | libc6 | 2.36-9+deb12u7 | 2.36-9+deb12u8 |
| ♾️ | libcurl4 | 7.88.1-10+deb12u6 | 7.88.1-10+deb12u7 |
| ♾️ | libssl3 | 3.0.13-1~deb12u1 | 3.0.14-1~deb12u2 |
| ♾️ | libsystemd0 | 252.26-1~deb12u2 | 252.30-1~deb12u2 |
| ♾️ | libudev1 | 252.26-1~deb12u2 | 252.30-1~deb12u2 |
| ♾️ | openssl | 3.0.13-1~deb12u1 | 3.0.14-1~deb12u2 |
gustavovalverde force-pushed the feat-vulnerability-scan branch from 47e1a24 to 8062b04 on September 19, 2024 10:33

gustavovalverde changed the title from "feat(ci): add Docker Scout vulnerabilities scanning" to "feat(ci): add Docker Scout vulnerabilities scanning Release v1.9.1" on Sep 19, 2024
Recommended fixes for image

| Property | Value |
|---|---|
| Name | bookworm-20240904-slim |
| Digest | sha256:903d3225acecaa272bbdd7273c6c312c2af8b73644058838d23a8c9e6e5c82cf |
| Vulnerabilities | |
| Pushed | 2 weeks ago |
| Size | 29 MB |
| Packages | 125 |
| Flavor | debian |
| OS | 12 |
| Slim | ✅ |

The base image is also available under the supported tag(s): 12-slim, 12.7-slim, bookworm-20240904-slim

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes. ✅ This image version is up to date.

Change base image

| Tag | Details | Pushed | Vulnerabilities |
|---|---|---|---|
| stable-slim | Tag is preferred tag | 2 weeks ago | |
| stable | Image has same number of vulnerabilities | 2 weeks ago | |
| bookworm | Tag is latest | 2 weeks ago | |
| sid-slim | Major OS version update | 2 weeks ago | |
gustavovalverde force-pushed the feat-vulnerability-scan branch from 25bdd92 to f6b305f on September 19, 2024 11:29

gustavovalverde changed the title from "feat(ci): add Docker Scout vulnerabilities scanning Release v1.9.1" to "feat(ci): add Docker Scout vulnerabilities scanning" on Sep 19, 2024

gustavovalverde requested review from upbqdn and removed request for a team on September 19, 2024 11:35

upbqdn reviewed on Sep 23, 2024

upbqdn previously approved these changes on Sep 23, 2024

Co-authored-by: Marek <mail@marek.onl>

upbqdn approved these changes on Sep 24, 2024

dmidem pushed a commit to QED-it/zebra that referenced this pull request on Oct 29, 2024:

…8871) * feat(ci): add Docker Scout vulnerabilities scanning * fix(scout): add missing `environment` command Co-authored-by: Marek <mail@marek.onl> --------- Co-authored-by: Marek <mail@marek.onl>
Motivation

We must avoid publishing new releases without being fully aware of any new vulnerabilities that might be introduced into the image. This ensures we have visibility and can take the necessary actions, such as updating our READMEs, fixing the vulnerabilities, or implementing any other required measures.

Specifications & References

Solution

- Release PR until we can have a better implementation with
- The `ignore-base`, `ignore-unchanged`, `only-fixed`, `only-severities` parameters should add up together docker/scout-action#56
- `prod`, `stage` and `dev` environment for future reference https://docs.docker.com/reference/cli/docker/scout/environment/

Tests

Follow-up Work

- `ignore-base`, `ignore-unchanged`, `only-fixed`, `only-severities` parameters should add up together docker/scout-action#56

PR Author's Checklist

PR Reviewer's Checklist
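As an added illustration (not the workflow from this PR or from the zebra repository), this is how the docker/scout-action inputs listed above combine in a pull-request job: a `compare` step against the published `zfnd/zebra:latest` image with the four filters applied together, and a separate `environment` step that records the image so later runs can compare against a named environment instead of a fixed tag. The step names, secret names, the `pr-<number>` image tag pattern and the need for an `organization` input are assumptions.

```yaml
name: docker-scout   # added example, not the repository's own workflow
on:
  pull_request:

jobs:
  scout:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write   # required for write-comment below
    steps:
      # Docker Scout needs a Docker Hub login; the secret names are assumptions.
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PAT }}

      # Compare the PR image with the published release image. The four
      # filters are meant to apply together (see docker/scout-action#56):
      # skip base-image CVEs, skip CVEs present in both images, report only
      # CVEs that have a fix, and only critical/high ones.
      - name: Compare PR image with latest release
        uses: docker/scout-action@v1
        with:
          command: compare,recommendations
          image: us-docker.pkg.dev/zfnd-dev-zebra/zebra/zebrad:pr-${{ github.event.number }}
          to: zfnd/zebra:latest
          ignore-base: true
          ignore-unchanged: true
          only-fixed: true
          only-severities: critical,high
          exit-code: true            # fail the job when new CVEs are reported
          write-comment: true        # post the report as a PR comment
          github-token: ${{ secrets.GITHUB_TOKEN }}

      # Record the image to a named environment (dev/stage/prod) so a later
      # run can use `to-env: dev` instead of a hard-coded `to:` tag.
      - name: Record image in the dev environment
        uses: docker/scout-action@v1
        with:
          command: environment
          image: us-docker.pkg.dev/zfnd-dev-zebra/zebra/zebrad:pr-${{ github.event.number }}
          environment: dev
          # organization: <namespace>   # may be required; assumption, see the docs
```

A release job can then run `command: compare` with `to-env: prod` to report only what changed relative to the image last recorded in that environment.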