
Security issues in docker images

Open BernhardFuchs opened this issue 1 year ago • 2 comments

When we run a scan with trivy on the images:

  • gleif/did-webs-resolver-service:latest
  • gleif/did-keri-resolver-service:latest

we get a long list of security issues, mostly related to alpine 3.16.0 and a few for python-pkg.
The issues with alpine could be fixed by upgrading to alpine 3.18, and it seems this is done already here, but somehow this change is not reflected in the images above.

BernhardFuchs, Nov 03 '23 13:11

This is because the base image gleif/keri:latest hasn't been updated in 7 months:

https://hub.docker.com/r/gleif/keri/tags

peacekeeper, Nov 03 '23 15:11

Yes, the Docker Hub image just needs to be updated. Until we get this coming out of a CI pipeline, someone who has access to the gleif/keri Docker Hub repo will need to manually push a new image.

kentbull, Nov 08 '23 02:11