Improve vulnerability scanning of Docker image #239

DieterReuter · 2019-07-27T19:56:34Z

Currently, the Alpine package list will be removed. This "optimization" saves less then 100 kBytes,
but without the package database file /lib/apk/db/installed it gets really harder to scan
this Docker Image for software vulnerabilities.

Therefore I'd like to strongly propose to remove this "optimization" step and keep the Alpine
package database file.

Signed-off-by: Dieter Reuter dieter.reuter@me.com

Currently, the Alpine package list will be removed. This "optimization" saves less then 100 kBytes, but without the package database file `/lib/apk/db/installed` it gets really harder to scan this Docker Image for software vulnerabilities. Therefore I'd like to strongly propose to remove this "optimization" step and keep the Alpine package database file. Signed-off-by: Dieter Reuter <dieter.reuter@me.com>

luxas

Fair call @DieterReuter and thanks for this PR!

LGTM 👍

luxas approved these changes Jul 29, 2019

View reviewed changes

luxas added this to the v0.5.0 milestone Jul 29, 2019

luxas self-assigned this Jul 29, 2019

luxas merged commit fed5235 into weaveworks:master Jul 29, 2019

DieterReuter deleted the fix-package-list branch July 29, 2019 15:48

luxas added the kind/enhancement Categorizes issue or PR as related to improving an existing feature. label Aug 6, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improve vulnerability scanning of Docker image #239

Improve vulnerability scanning of Docker image #239

DieterReuter commented Jul 27, 2019

luxas left a comment

Improve vulnerability scanning of Docker image #239

Improve vulnerability scanning of Docker image #239

Conversation

DieterReuter commented Jul 27, 2019

luxas left a comment

Choose a reason for hiding this comment