hpvd
of course it's hard to fix all of them... what do you think of adapting the **distroless approach** to get rid of software in containers that contains security problems but...
just opened a new issue with some background and sources on the distroless approach: https://github.com/streamnative/function-mesh/issues/448
today in v0.6: with https://artifacthub.io/packages/helm/function-mesh/function-mesh-operator?modal=security-report **13 vulnerabilities** have been detected in this package's images. 
just an update on freshly released v0.7: **14 vulnerabilities (14 fixable)** have been detected in this package's images. source: https://artifacthub.io/packages/helm/function-mesh/function-mesh-operator?modal=security-report
some more details: 
As background info, the security scanner used by artifacthub, providing the results shown above, is trivy, **so all the findings should be pretty valid**. For details, see: https://artifacthub.io/docs/topics/security_report/ and trivy https://github.com/aquasecurity/trivy
there is also an easy to use **github action for scanning with trivy**
- the complete repository,
- pull requests,
- docker container
- IaC
- etc.

=> Maybe, this...
Extract: these 5 updates to the latest versions should solve all found 14 vulnerabilities:
- [x] https://github.com/prometheus/client_golang/releases
- [x] https://github.com/kubernetes/client-go/tags
- [ ] https://pkg.go.dev/golang.org/x/text?tab=versions
- [x] https://pkg.go.dev/golang.org/x/crypto?tab=versions
- [ ]...
maybe function-mesh is a pretty good point to start to give this approach a try:
- there is a known problem https://github.com/streamnative/function-mesh/issues/371 which will be solved and
- the size of...
@freeznet many thanks for the great summary of the reasons! imho this is a pretty important direction (added some more possibly interesting points for developers and managers to list of...