Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the side-cars to the latest to mitigate the CVEs #1246

Merged
merged 1 commit into from
Jan 19, 2024

Conversation

mskanth972
Copy link
Contributor

@mskanth972 mskanth972 commented Jan 19, 2024

Is this a bug fix or adding new feature?

What is this PR about? / Why do we need it?
Bump the side-cars to the latest to mitigate the CVEs

What testing is done?

mskanth@bcd07411789d ~ % trivy image public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.11.0-eks-1-29-2
2024-01-18T20:17:43.560-0500	INFO	Vulnerability scanning is enabled
2024-01-18T20:17:43.560-0500	INFO	Secret scanning is enabled
2024-01-18T20:17:43.560-0500	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2024-01-18T20:17:43.560-0500	INFO	Please see also https://aquasecurity.github.io/trivy/v0.35/docs/secret/scanning/#recommendation for faster secret detection
2024-01-18T20:17:52.436-0500	INFO	Detected OS: amazon
2024-01-18T20:17:52.436-0500	INFO	Detecting Amazon Linux vulnerabilities...
2024-01-18T20:17:52.437-0500	INFO	Number of language-specific files: 1
2024-01-18T20:17:52.437-0500	INFO	Detecting gobinary vulnerabilities...

public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.11.0-eks-1-29-2 (amazon 2 (Karoo))

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

mskanth@bcd07411789d ~ % trivy image public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.9.3-eks-1-29-2
2024-01-18T20:26:46.164-0500	INFO	Vulnerability scanning is enabled
2024-01-18T20:26:46.164-0500	INFO	Secret scanning is enabled
2024-01-18T20:26:46.164-0500	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2024-01-18T20:26:46.164-0500	INFO	Please see also https://aquasecurity.github.io/trivy/v0.35/docs/secret/scanning/#recommendation for faster secret detection
2024-01-18T20:26:53.760-0500	INFO	Detected OS: amazon
2024-01-18T20:26:53.760-0500	INFO	Detecting Amazon Linux vulnerabilities...
2024-01-18T20:26:53.760-0500	INFO	Number of language-specific files: 1
2024-01-18T20:26:53.760-0500	INFO	Detecting gobinary vulnerabilities...

public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.9.3-eks-1-29-2 (amazon 2 (Karoo))

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

mskanth@bcd07411789d ~ % trivy image public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v3.6.3-eks-1-29-2 
2024-01-18T20:27:10.092-0500	INFO	Vulnerability scanning is enabled
2024-01-18T20:27:10.092-0500	INFO	Secret scanning is enabled
2024-01-18T20:27:10.092-0500	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2024-01-18T20:27:10.092-0500	INFO	Please see also https://aquasecurity.github.io/trivy/v0.35/docs/secret/scanning/#recommendation for faster secret detection
2024-01-18T20:27:33.932-0500	INFO	Detected OS: amazon
2024-01-18T20:27:33.932-0500	INFO	Detecting Amazon Linux vulnerabilities...
2024-01-18T20:27:33.932-0500	INFO	Number of language-specific files: 1
2024-01-18T20:27:33.932-0500	INFO	Detecting gobinary vulnerabilities...

public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v3.6.3-eks-1-29-2 (amazon 2 (Karoo))

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Tested both on the public registry and private registry images

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jan 19, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mskanth972

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jan 19, 2024
@mskanth972 mskanth972 merged commit 8d55e36 into kubernetes-sigs:master Jan 19, 2024
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants