
Ship Testing images with updated OS & dependencies (to surface A0 bugs, reduce CVE risk, avoid stale components)

Open StirlingGoetz opened this issue 4 months ago • 2 comments

Summary

First—thank you for maintaining and releasing Agent Zero. 🙏 Request: before publishing Testing images, please update all Kali OS packages and bundled third-party components (e.g., browser-use and similar). This will (a) surface Agent Zero bugs that only appear after upstream changes, (b) reduce cybersecurity risk from shipping known-vulnerable components, and (c) prevent user friction from already-fixed bugs in “ancient” dependencies.

Why this matters

  1. Expose A0 bugs caused by upstream changes. Fresh OS/dependency updates help users find regressions introduced by new components—precisely what Testing is for.
  2. Lower CVE exposure. Shipped images with outdated packages can contain known HIGH/CRITICAL vulnerabilities.
  3. Avoid fixed-in-upstream issues. Users hit avoidable bugs when images ship with stale third-party libs that have already been patched.

Proposal

Adopt a “refresh & verify” gate for Testing image publication:

  • Build-time refresh: Update Kali base + third-party packages to latest safe versions during image build.
  • SBOM + vulnerability scan: Generate an SBOM and fail publication if HIGH/CRITICAL vulns are detected.
  • Smoke tests: Run a minimal A0 startup/execution check to catch breakage from updates.
  • Transparent tagging: Publish testing-YYYYMMDD (immutable) and roll testing-latest, with a short CHANGELOG of updated components.

Suggested implementation (illustrative)

Dockerfile (conceptual):

# 1) OS refresh
RUN apt-get update -y \
 && apt-get dist-upgrade -y \
 && apt-get autoremove -y \
 && apt-get clean -y

# 2) Python deps (example)
#    Prefer pinned requirements + periodic refresh via pip-compile
RUN python -m pip install --upgrade pip setuptools wheel \
 && pip install --no-cache-dir -r requirements.txt \
 && pip install --no-cache-dir pip-audit \
 && pip-audit --strict

# 3) Node deps (if applicable)
#    Prefer lockfiles; audit at high+ severity
RUN npm ci --omit=dev \
 && npm audit --audit-level=high

CI gate (illustrative GitHub Actions steps):

# Build the Testing image for this commit/PR
- name: Build image
  run: docker build -t ghcr.io/agentzero/testing:${{ github.sha }} .

# Create SBOM and fail on HIGH/CRITICAL vulns
- name: SBOM (Syft)
  run: |
    curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
    syft packages ghcr.io/agentzero/testing:${{ github.sha }} -o spdx-json > sbom.spdx.json

- name: Vulnerability scan (Trivy)
  run: |
    curl -sSfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
    trivy image --no-progress --exit-code 1 --severity HIGH,CRITICAL ghcr.io/agentzero/testing:${{ github.sha }}

# Optional: OSV scan for app-level deps (Python/Node)
- name: OSV-Scanner
  run: |
    curl -sSfL https://raw.githubusercontent.com/google/osv-scanner/main/scripts/install.sh | sh -s -- -b /usr/local/bin
    osv-scanner -r .

# Minimal smoke test (scripted)
- name: Smoke test
  run: |
    # The original used a literal "\n" inside a double-quoted heredoc, which bash does not expand;
    # a python -c one-liner keeps the check and quotes correctly.
    docker run --rm ghcr.io/agentzero/testing:${{ github.sha }} /bin/bash -lc \
      "agent-zero --version && python -c \"print('A0 smoke ok')\""

Acceptance criteria

  • [ ] apt list --upgradable is empty in the built image.
  • [ ] SBOM is generated and attached as a build artifact.
  • [ ] Vulnerability scan shows 0 HIGH/CRITICAL findings (or documented/approved exceptions).
  • [ ] Basic A0 smoke test passes (CLI starts; core modules import; trivial task runs).
  • [ ] Image is published as testing-YYYYMMDD and referenced by testing-latest, with a short CHANGELOG of updated components.

Scope notes / trade-offs

  • Risk: Upstream updates can break A0. Mitigations: Pin majors, refresh minors/patches, run smoke tests, document any holds (apt-mark hold <pkg>), and add a short freeze window before promoting to stable.
  • Cost: Longer builds and CI time. Mitigations: Cache layers, run scans in CI only for Testing/Release branches, and reuse SBOM across jobs.

Labels / metadata

  • type: build-infra
  • area: images
  • priority: medium
  • security

Thanks again for all the work on Agent Zero and for providing images that make evaluation and adoption much easier. This change keeps Testing aligned with its purpose while meaningfully reducing security and support risk for users.

StirlingGoetz · Sep 01 '25 14:09
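The "0 HIGH/CRITICAL findings (or documented/approved exceptions)" acceptance criterion above is the part of the gate the Trivy exit code alone cannot express. As an added example (not code from the issue or the Agent Zero project), this consumes a Trivy JSON report (`trivy image -f json ...` layout) and fails unless every HIGH/CRITICAL finding is covered by an exception that names the package, gives a reason and has not expired; the exception-file shape is an assumption.

```python
import json
from datetime import date

# Constructed sample in Trivy's JSON report layout (not a real scan result).
SAMPLE_REPORT = json.dumps({
    "Results": [{
        "Target": "ghcr.io/agentzero/testing:abc123 (kali)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
             "InstalledVersion": "2.0", "FixedVersion": "", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libminor",
             "InstalledVersion": "3.0", "FixedVersion": "3.1", "Severity": "MEDIUM"},
        ],
    }]
})

# Assumed exception-file shape: vuln id -> {pkg, reason, expires (YYYY-MM-DD)}.
# A mismatched package, empty reason or past expiry does NOT suppress the finding.
SAMPLE_EXCEPTIONS = {
    "CVE-0000-0002": {"pkg": "libother",
                      "reason": "no upstream fix; code path not reachable in A0",
                      "expires": "2099-01-01"},
}

BLOCKING = {"HIGH", "CRITICAL"}


def evaluate(report_json, exceptions, today=None):
    """Return (blocking, accepted) lists of formatted HIGH/CRITICAL findings."""
    today = today or date.today().isoformat()  # ISO strings compare lexically
    blocking, accepted = [], []
    for result in json.loads(report_json).get("Results", []):
        for v in result.get("Vulnerabilities") or []:  # key absent on clean targets
            if v["Severity"] not in BLOCKING:
                continue
            exc = exceptions.get(v["VulnerabilityID"])
            valid = (exc is not None and exc.get("pkg") == v["PkgName"]
                     and exc.get("reason") and exc.get("expires", "") >= today)
            (accepted if valid else blocking).append(
                f'{v["VulnerabilityID"]} {v["PkgName"]} {v["InstalledVersion"]} '
                f'-> {v["FixedVersion"] or "no fix"} [{v["Severity"]}]')
    return blocking, accepted


def gate_passes(report_json, exceptions, today=None):
    """True only when no HIGH/CRITICAL finding is left without a valid exception."""
    return not evaluate(report_json, exceptions, today)[0]
```

In CI this would replace `--exit-code 1` with `-f json -o report.json` followed by this check, so approved exceptions are reviewable in the repo rather than hidden in a `.trivyignore`.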

@frdel Thanks for the recent push to update Kali Linux components. Please consider enhancing the ongoing A0 DevSecOps/CI/CD to continuously update software to reduce cybersecurity risk from shipping known-vulnerable components. The version of Agent Zero current at the time of this writing (v0.9.6) has 33 known vulnerabilities according to Docker Scout, many of them Critical or High.


StirlingGoetz · Nov 05 '25 00:11

@StirlingGoetz Thanks. The problem here is that Python dependencies are so fragile that we have a very hard time with every update. Most dependencies rely on exact versions of other packages, and finding the matching combination is sometimes impossible. We need to find a sustainable way of handling dependencies. Currently our biggest problem is browser-use, which has strict dependencies, and they make their versions incompatible very fast, so we cannot update frequently...

frdel · Nov 05 '25 08:11