apache_exporter
Update Go dependencies to fix a CVE
Hello, I use your exporter in a Docker image for one of my projects. Do you have a solution for me to update the Go dependencies of your project? Trivy, a tool which analyzes security vulnerabilities in Docker containers, finds a CVE in a version of a Go dependency that you are using. (Do you have a way that I can update or rebuild your tool by updating the Go libraries without you having to do a release?)
The Trivy result:
My Dockerfile implementation of your tool:
The fastest option would be for you to make your own build with updated dependencies,
but if it's a security vulnerability affecting current releases then a PR would be most welcome :)
OK, no problem.
After a test build of your tool, I have 2 problems:
These problems are not important, but you can update the doc in the README.
- To build with make:
docker run --rm -v .:/usr/local/go/src/github.com/Lusitaniae/apache_exporter -w /usr/local/go/src/github.com/Lusitaniae/apache_exporter golang:latest make
I have this error:
- To build with docker:
docker build -t apache_exporter .
This build is not possible because the Dockerfile contains this:
and in the local repo there is no .build folder.
My solution to build in the local repo is:
# to get and update the Go dependencies
docker run --rm -v .:/usr/local/go/src/github.com/Lusitaniae/apache_exporter -w /usr/local/go/src/github.com/Lusitaniae/apache_exporter golang:latest go get
# to build apache_exporter
docker run --rm -v .:/usr/local/go/src/github.com/Lusitaniae/apache_exporter -w /usr/local/go/src/github.com/Lusitaniae/apache_exporter golang:latest go build -buildvcs=false
And to update the version of the dependency with the CVE:
docker run --rm -v .:/usr/local/go/src/github.com/Lusitaniae/apache_exporter -w /usr/local/go/src/github.com/Lusitaniae/apache_exporter golang:latest go get -u golang.org/x/net
This command changes the go.mod file and changes version v0.20.0 of the dependency golang.org/x/net to v0.24.0, like this:
Tell me if you want a PR for the version and the doc ;) but dependabot has an open PR.
Looks like the dependabot pr is closed so I'm closing this out. Thanks!
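A check that a go.mod actually pins golang.org/x/net at v0.24.0 or newer before the image is rebuilt, as an added example that is not part of the thread or of apache_exporter. The function names and the sample go.mod are constructed for illustration; only the module path and the two versions come from the thread.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed go.mod excerpt; only the golang.org/x/net versions come from the thread.
const sampleGoMod = "module example.com/demo\n\ngo 1.21\n\nrequire (\n" +
	"\texample.com/other v1.2.3\n\tgolang.org/x/net v0.20.0 // indirect\n)\n"

// parseVersion reads the major.minor.patch numbers of "vX.Y.Z". Any pre-release
// or build suffix is ignored, so v0.24.0-rc.1 compares equal to v0.24.0.
func parseVersion(v string) (out [3]int, err error) {
	_, err = fmt.Sscanf(v, "v%d.%d.%d", &out[0], &out[1], &out[2])
	return out, err
}

// pinnedVersion returns the version go.mod requires for module, or "" if absent.
// replace directives are not evaluated.
func pinnedVersion(goMod, module string) string {
	for _, line := range strings.Split(goMod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && f[0] == module && strings.HasPrefix(f[1], "v") {
			return f[1]
		}
	}
	return ""
}

// atLeast reports whether goMod pins module at version floor or newer.
func atLeast(goMod, module, floor string) (bool, error) {
	got, err1 := parseVersion(pinnedVersion(goMod, module))
	want, err2 := parseVersion(floor)
	if err1 != nil || err2 != nil {
		return false, fmt.Errorf("%s: cannot compare against %s (%v, %v)", module, floor, err1, err2)
	}
	for i := range got {
		if got[i] != want[i] {
			return got[i] > want[i], nil
		}
	}
	return true, nil
}

func main() {
	ok, err := atLeast(sampleGoMod, "golang.org/x/net", "v0.24.0")
	fmt.Println("pinned >= v0.24.0:", ok, "error:", err)
}
```

A missing module is reported as an error rather than as a pass, so a CI step built on this fails closed.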