Image: adds cassandra #1164

Merged
merged 16 commits into from
Aug 11, 2023

Conversation


@mritunjaysharma394 mritunjaysharma394 commented Jul 31, 2023

Chainguard Images Pull Request Template

Image Size

  • The Image is smaller in size than its common public counterpart.
  • The Image is larger in size than its common public counterpart (please explain in the notes).

Notes:
Public counterpart: 342 MB
This image: 246 MB

Image Vulnerabilities

  • The Grype vulnerability scan returned 0 CVE(s).
  • The Grype vulnerability scan returned > 0 CVE(s) (please explain in the notes).

Notes:

This image has the following vulnerabilities:

   ├── 1 critical, 7 high, 9 medium, 2 low, 0 negligible
   └── 10 fixed
NAME              INSTALLED  FIXED-IN  TYPE          VULNERABILITY        SEVERITY
fqltool                                java-archive  CVE-2020-13946       Medium
glibc             2.38-r0              apk           CVE-2023-0687        Critical
guava             27.0-jre             java-archive  CVE-2020-8908        Low
guava             27.0-jre             java-archive  CVE-2023-2976        High
guava             27.0-jre             java-archive  GHSA-5mg8-w23w-74h3  Low
guava             27.0-jre   32.0.0    java-archive  GHSA-7g45-4rm6-3mm3  Medium
jackson-databind  2.13.2.2             java-archive  CVE-2022-42003       High
jackson-databind  2.13.2.2             java-archive  CVE-2022-42004       High
jackson-databind  2.13.2.2             java-archive  CVE-2023-35116       Medium
jackson-databind  2.13.2.2   2.13.4    java-archive  GHSA-rgv9-q543-rqg4  High
jackson-databind  2.13.2.2   2.13.4.2  java-archive  GHSA-jjjh-jjxp-wpff  High
snakeyaml         1.26       1.31      java-archive  GHSA-3mc7-4q67-w48m  High
snakeyaml         1.26       1.31      java-archive  GHSA-98wm-3w3q-mw94  Medium
snakeyaml         1.26       1.31      java-archive  GHSA-c4r9-r8fh-9vj2  Medium
snakeyaml         1.26       1.31      java-archive  GHSA-hhhw-99gj-p3c3  Medium
snakeyaml         1.26       1.32      java-archive  GHSA-9w3m-gqgf-c4p9  Medium
snakeyaml         1.26       1.32      java-archive  GHSA-w37g-rhq8-7m4j  Medium
snakeyaml         1.26       2.0       java-archive  GHSA-mjmj-j48q-9wg2  High
stress                                 java-archive  CVE-2020-13946       Medium

The public image has the following:

   ├── 0 critical, 8 high, 16 medium, 22 low, 4 negligible
   └── 18 fixed
NAME                            INSTALLED                 FIXED-IN            TYPE          VULNERABILITY        SEVERITY
coreutils                       8.30-3ubuntu2                                 deb           CVE-2016-2781        Low
curl                            7.68.0-1ubuntu2.18        7.68.0-1ubuntu2.19  deb           CVE-2023-28321       Low
curl                            7.68.0-1ubuntu2.18        7.68.0-1ubuntu2.19  deb           CVE-2023-28322       Low
fqltool                                                                       java-archive  CVE-2020-13946       Medium
github.com/opencontainers/runc  v1.1.0                    1.1.2               go-module     GHSA-f3fp-gc8g-vw66  Medium
github.com/opencontainers/runc  v1.1.0                    1.1.5               go-module     GHSA-g2j6-57v7-gm8c  Medium
github.com/opencontainers/runc  v1.1.0                    1.1.5               go-module     GHSA-m8cg-xc2p-r3fc  Low
github.com/opencontainers/runc  v1.1.0                    1.1.5               go-module     GHSA-vpvm-3wq2-2wvm  High
gpgv                            2.2.19-3ubuntu2.2                             deb           CVE-2022-3219        Low
guava                           27.0-jre                                      java-archive  CVE-2020-8908        Low
guava                           27.0-jre                                      java-archive  CVE-2023-2976        High
guava                           27.0-jre                                      java-archive  GHSA-5mg8-w23w-74h3  Low
guava                           27.0-jre                  32.0.0              java-archive  GHSA-7g45-4rm6-3mm3  Medium
jackson-databind                2.13.2.2                                      java-archive  CVE-2022-42003       High
jackson-databind                2.13.2.2                                      java-archive  CVE-2022-42004       High
jackson-databind                2.13.2.2                                      java-archive  CVE-2023-35116       Medium
jackson-databind                2.13.2.2                  2.13.4              java-archive  GHSA-rgv9-q543-rqg4  High
jackson-databind                2.13.2.2                  2.13.4.2            java-archive  GHSA-jjjh-jjxp-wpff  High
libc-bin                        2.31-0ubuntu9.9                               deb           CVE-2016-20013       Negligible
libc6                           2.31-0ubuntu9.9                               deb           CVE-2016-20013       Negligible
libcurl4                        7.68.0-1ubuntu2.18        7.68.0-1ubuntu2.19  deb           CVE-2023-28321       Low
libcurl4                        7.68.0-1ubuntu2.18        7.68.0-1ubuntu2.19  deb           CVE-2023-28322       Low
libldap-2.4-2                   2.4.49+dfsg-2ubuntu1.9                        deb           CVE-2023-2953        Low
libldap-common                  2.4.49+dfsg-2ubuntu1.9                        deb           CVE-2023-2953        Low
libpcre3                        2:8.39-12ubuntu0.1                            deb           CVE-2017-11164       Negligible
libpng16-16                     1.6.37-2                                      deb           CVE-2022-3857        Low
libpython3.8-minimal            3.8.10-0ubuntu1~20.04.8                       deb           CVE-2021-28861       Low
libpython3.8-minimal            3.8.10-0ubuntu1~20.04.8                       deb           CVE-2023-27043       Medium
libpython3.8-stdlib             3.8.10-0ubuntu1~20.04.8                       deb           CVE-2021-28861       Low
libpython3.8-stdlib             3.8.10-0ubuntu1~20.04.8                       deb           CVE-2023-27043       Medium
libsystemd0                     245.4-4ubuntu3.22                             deb           CVE-2023-26604       Low
libudev1                        245.4-4ubuntu3.22                             deb           CVE-2023-26604       Low
locales                         2.31-0ubuntu9.9                               deb           CVE-2016-20013       Negligible
login                           1:4.8.1-1ubuntu5.20.04.4                      deb           CVE-2013-4235        Low
login                           1:4.8.1-1ubuntu5.20.04.4                      deb           CVE-2023-29383       Low
passwd                          1:4.8.1-1ubuntu5.20.04.4                      deb           CVE-2013-4235        Low
passwd                          1:4.8.1-1ubuntu5.20.04.4                      deb           CVE-2023-29383       Low
python3.8                       3.8.10-0ubuntu1~20.04.8                       deb           CVE-2021-28861       Low
python3.8                       3.8.10-0ubuntu1~20.04.8                       deb           CVE-2023-27043       Medium
python3.8-minimal               3.8.10-0ubuntu1~20.04.8                       deb           CVE-2021-28861       Low
python3.8-minimal               3.8.10-0ubuntu1~20.04.8                       deb           CVE-2023-27043       Medium
snakeyaml                       1.26                      1.31                java-archive  GHSA-3mc7-4q67-w48m  High
snakeyaml                       1.26                      1.31                java-archive  GHSA-98wm-3w3q-mw94  Medium
snakeyaml                       1.26                      1.31                java-archive  GHSA-c4r9-r8fh-9vj2  Medium
snakeyaml                       1.26                      1.31                java-archive  GHSA-hhhw-99gj-p3c3  Medium
snakeyaml                       1.26                      1.32                java-archive  GHSA-9w3m-gqgf-c4p9  Medium
snakeyaml                       1.26                      1.32                java-archive  GHSA-w37g-rhq8-7m4j  Medium
snakeyaml                       1.26                      2.0                 java-archive  GHSA-mjmj-j48q-9wg2  High
stress                                                                        java-archive  CVE-2020-13946       Medium
wget                            1.20.3-1ubuntu2                               deb           CVE-2021-31879       Medium

Basic Testing - K8s cluster

  • The container image was successfully loaded into a kind cluster.
  • The container image could not be loaded into a kind cluster (please explain in the notes).

Notes: N/A?

Basic Testing - Package/Application

  • The application is accessible to the user/cluster/etc. after start-up.
  • The application is not accessible to the user/cluster/etc. after start-up. (please explain in the notes).

Notes: N/A?

Helm

  • A Helm chart has been provided and the container image can be used with the chart. If needed, please add a -compat package to close any gaps with the public helm chart.
  • A Helm chart has been provided and the container image is not working with the chart (please explain in the notes).
  • A Helm chart was not provided.

Notes:

Processor Architectures

  • The image was built and tested for x86_64.
  • The image could not be built for x86_64 (please explain in the notes).
  • The image was built and tested for aarch64.
  • The image could not be built for aarch64. (please explain in the notes).

Notes:

Functional Testing + Documentation

  • Functional tests have been included and the tests are passing. All tests have been documented in the notes section.

Notes:

docker logs "${container_name}" | grep "Startup complete" helps us achieve that

Environment Testing + Documentation

  • There has not been a request and/or there is no indication that this image needs to be tested on a public cloud provider.
  • The container image has been tested successfully on a public cloud provider (AWS, GCP, Azure).
  • The container image has not been tested successfully on a public cloud provider (AWS, GCP, Azure) (please explain in the notes).

Notes:

Version

  • The package version is the latest version of the package. The latest tag points to this version.
  • The package version is not the latest version of the package (please explain in the notes).

Notes:

Dev Tag Availability

  • There is a dev tag available that includes a shell and apk tools (by depending on 'wolfi-base')
  • There is not a dev tag available that includes a shell and apk tools (by depending on 'wolfi-base') (please explain in the notes).

Notes:

Access Control + Authentication

  • The image runs as nonroot and GID/UID are set to 65532 or upstream default
  • Alternatively the username and GID/UID may be a commonly used one from the ecosystem e.g: postgres
  • The image requires a non-standard username or non-standard GID/UID (please explain in the notes).

Notes: I guess it requires

accounts:
  groups:
    - groupname: cassandra
      gid: 999
  users:
    - username: cassandra
      uid: 999

ENTRYPOINT

  • applications/servers/utilities set to call main program with no arguments e.g. [redis-server]
  • applications/servers/utilities not set to call main program with no arguments e.g. [redis-server] (please explain in the notes)
  • base images leave empty.
  • base image and not empty (please explain in the notes).
  • dev variants is set to entrypoint script that falls back to system.
  • dev variants is not set to entrypoint script that falls back to system (please explain in the notes).

CMD

  • For server applications give arguments to start in daemon mode (may be empty)
  • For utilities/tooling bring up help e.g. --help
  • For base images with a shell, call it e.g. [/bin/sh]

Environment Variables

  • Environment variables added.
  • Environment variables not added and not required.

SIGTERM

  • The image responds to SIGTERM (e.g., docker kill $(docker run -d --rm cgr.dev/chainguard/nginx))

Logs

  • Error logs write to stderr and normal logs to stdout. Logs DO NOT write to file.

Documentation - README

  • A README file has been provided and it follows the README template.
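
Added example (not part of the pull request or the project's code): a small parser for Grype's default table output that diffs the two reports in the description by package and vulnerability ID, showing which findings the image introduces, which it drops, and which come along with the application itself. The sample rows are excerpts of the two tables above, with the public-image rows re-spaced into narrower columns; the function names are illustrative.

```python
import re

# Excerpts of the two Grype tables in the PR description (public rows re-spaced).
THIS_IMAGE = """\
NAME              INSTALLED  FIXED-IN  TYPE          VULNERABILITY        SEVERITY
fqltool                                java-archive  CVE-2020-13946       Medium
glibc             2.38-r0              apk           CVE-2023-0687        Critical
guava             27.0-jre   32.0.0    java-archive  GHSA-7g45-4rm6-3mm3  Medium
snakeyaml         1.26       2.0       java-archive  GHSA-mjmj-j48q-9wg2  High
"""
PUBLIC_IMAGE = """\
   └── 18 fixed
NAME         INSTALLED        FIXED-IN  TYPE          VULNERABILITY        SEVERITY
coreutils    8.30-3ubuntu2              deb           CVE-2016-2781        Low
fqltool                                 java-archive  CVE-2020-13946       Medium
guava        27.0-jre         32.0.0    java-archive  GHSA-7g45-4rm6-3mm3  Medium
snakeyaml    1.26             2.0       java-archive  GHSA-mjmj-j48q-9wg2  High
wget         1.20.3-1ubuntu2            deb           CVE-2021-31879       Medium
"""

def parse_table(text):
    """Parse Grype's default table output into a list of dicts keyed by header."""
    lines = [l for l in text.splitlines() if l.strip()]
    # Skip the severity summary lines that precede the header row.
    start = next(i for i, l in enumerate(lines) if l.startswith("NAME"))
    cols = [(m.start(), m.group()) for m in re.finditer(r"\S+", lines[start])]
    rows = []
    for line in lines[start + 1:]:
        row = {name: "" for _, name in cols}
        for m in re.finditer(r"\S+", line):
            # Cells are left-aligned under their header, so an empty INSTALLED or
            # FIXED-IN cell is detected by position, not by counting tokens.
            _, name = min(cols, key=lambda c: abs(c[0] - m.start()))
            row[name] = m.group()
        rows.append(row)
    return rows

def diff_reports(ours, theirs):
    """Compare findings by (package, vulnerability ID)."""
    a = {(r["NAME"], r["VULNERABILITY"]): r for r in parse_table(ours)}
    b = {(r["NAME"], r["VULNERABILITY"]): r for r in parse_table(theirs)}
    shared = sorted(a.keys() & b.keys())
    return {
        "only_ours": sorted(a.keys() - b.keys()),
        "only_theirs": sorted(b.keys() - a.keys()),
        "shared": shared,
        # Shared findings for which the scanner already lists a fixed version.
        "shared_fixable": {k: a[k]["FIXED-IN"] for k in shared if a[k]["FIXED-IN"]},
    }

if __name__ == "__main__":
    for section, value in diff_reports(THIS_IMAGE, PUBLIC_IMAGE).items():
        print(section, value)
```

For scripted comparisons outside a pasted report, Grype's JSON output (`grype <image> -o json`) avoids the fixed-width parsing entirely.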

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>
@mritunjaysharma394 mritunjaysharma394 changed the title attempt to add cassandra WIP: adds cassandra Jul 31, 2023
@mritunjaysharma394 mritunjaysharma394 marked this pull request as ready for review August 1, 2023 18:27
@mritunjaysharma394 mritunjaysharma394 requested a review from a team as a code owner August 1, 2023 18:27
@mritunjaysharma394 mritunjaysharma394 changed the title WIP: adds cassandra Image: adds cassandra Aug 1, 2023
Review thread on images/cassandra/configs/latest.apko.yaml (outdated, resolved)
Review thread on images/cassandra/tests/main.tf (outdated, resolved)
Review thread on main.tf (outdated, resolved)

@joshrwolf joshrwolf left a comment

thanks for sticking with all the nits and changes, great work!

@joshrwolf joshrwolf merged commit 4128e35 into chainguard-images:main Aug 11, 2023
5 checks passed
developer-guy pushed a commit to Dentrax/images that referenced this pull request Feb 12, 2024
…update (chainguard-images#1164)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>