fix(security): vulnerabilities found in fabric-all-in-one #2121

zondervancalvez · 2022-07-19T06:44:19Z

Fixes #2056

Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>

jagpreetsinghsasan · 2022-07-20T05:51:53Z

Thanks for the contribution. This looks more likely a nice to have sort of thing, rather than a vulnerability fix as we dont call the AIO images as production ready, those are just for testing purposes. But yes, still the base image change is a good update.

Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>

petermetz

@zondervancalvez LGTM, thank you!

Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>

zondervancalvez · 2022-08-17T06:55:34Z

@izuru0 @sanvenDev following up for your review. Thank you.

petermetz

@zondervancalvez Please fix the DCO

zondervancalvez · 2022-09-01T14:18:45Z

@petermetz DCO is now fixed

Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>

Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>

Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes #1876 Depends On: #2121 Depends On: #2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>

Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>

zondervancalvez marked this pull request as ready for review July 20, 2022 05:29

zondervancalvez requested review from petermetz, takeutak, izuru0, jagpreetsinghsasan and sandeepnRES as code owners July 20, 2022 05:29

zondervancalvez force-pushed the zondervancalvez/issue2056 branch from e857eac to e189222 Compare July 20, 2022 05:30

zondervancalvez added a commit to zondervancalvez/cactus that referenced this pull request Jul 20, 2022

ci: add container scanning to default checks

d0101a0

Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>

jagpreetsinghsasan approved these changes Jul 20, 2022

View reviewed changes

zondervancalvez force-pushed the zondervancalvez/issue2056 branch 3 times, most recently from 764397e to 984b106 Compare July 20, 2022 07:30

zondervancalvez added a commit to zondervancalvez/cactus that referenced this pull request Jul 20, 2022

ci: add container scanning to default checks

f149cc3

Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>

takeutak approved these changes Jul 20, 2022

View reviewed changes

petermetz approved these changes Jul 23, 2022

View reviewed changes

petermetz force-pushed the zondervancalvez/issue2056 branch 2 times, most recently from 09d7c73 to e9ae7a2 Compare July 23, 2022 02:46

zondervancalvez force-pushed the zondervancalvez/issue2056 branch from e9ae7a2 to f51d344 Compare August 17, 2022 06:56

petermetz force-pushed the zondervancalvez/issue2056 branch from f51d344 to 1218b25 Compare August 25, 2022 23:47

petermetz requested changes Aug 26, 2022

View reviewed changes

zondervancalvez force-pushed the zondervancalvez/issue2056 branch 2 times, most recently from afdbc08 to b0e59f7 Compare September 1, 2022 06:05

zondervancalvez force-pushed the zondervancalvez/issue2056 branch from b0e59f7 to f5b56ac Compare March 31, 2023 07:29

zondervancalvez requested a review from VRamakrishna as a code owner March 31, 2023 07:29

zondervancalvez requested a review from petermetz March 31, 2023 07:29

petermetz mentioned this pull request Aug 25, 2023

ci: add container scanning to default checks #1981

Merged

adrianbatuto mentioned this pull request Sep 8, 2023

ci: add container scanning to default checks adrianbatuto/cacti#2

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(security): vulnerabilities found in fabric-all-in-one #2121

fix(security): vulnerabilities found in fabric-all-in-one #2121

zondervancalvez commented Jul 19, 2022

jagpreetsinghsasan commented Jul 20, 2022

petermetz left a comment

zondervancalvez commented Aug 17, 2022

petermetz left a comment

zondervancalvez commented Sep 1, 2022

fix(security): vulnerabilities found in fabric-all-in-one #2121

fix(security): vulnerabilities found in fabric-all-in-one #2121

Conversation

zondervancalvez commented Jul 19, 2022

jagpreetsinghsasan commented Jul 20, 2022

petermetz left a comment

Choose a reason for hiding this comment

zondervancalvez commented Aug 17, 2022

petermetz left a comment

Choose a reason for hiding this comment

zondervancalvez commented Sep 1, 2022