
Address container scan alerts

Open · WillDaSilva opened this issue 2 years ago · 1 comment

The container scans were last run in https://github.com/meltano/meltano/pull/6410, and they revealed the following issues: https://github.com/meltano/meltano/security/code-scanning?query=ref%3Arefs%2Fpull%2F6410%2Fmerge+tool%3AGrype

We expect that many of these will be addressed by

  • #3203

This issue exists to address the remaining issues deemed significant enough. In addition to addressing those issues with the images, this issue also includes removing the continue-on-error: true line from the docker-build-scan-push action, since from that point onward we'll want to prevent the publication of images which contain issues above some severity level.

WillDaSilva · Jul 27 '22 20:07
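An added illustration of the workflow change the issue describes (this is not Meltano's own workflow; the job name is taken from the issue, while step names, the image tag, the severity cutoff and the assumption that Grype is already installed on the runner are all mine): with `continue-on-error: true` a scan step that exits non-zero is recorded as a failure but does not fail the job, so the push step still runs; dropping that line and giving Grype a `--fail-on` threshold makes the job stop before the image is published.

```yaml
# Added example, not the meltano repository's workflow file.
# IMAGE_TAG and step names are placeholders; grype is assumed to be on PATH.
jobs:
  docker-build-scan-push:
    runs-on: ubuntu-latest
    env:
      IMAGE_TAG: example.invalid/meltano:ci   # placeholder registry/tag
    steps:
      - uses: actions/checkout@v3

      - name: Build image
        run: docker build -t "$IMAGE_TAG" .

      # BEFORE (weak): the scan is run, but a non-zero exit from grype is
      # swallowed, so the job stays green and the push below always executes.
      - name: Scan image with Grype (weak setting)
        continue-on-error: true
        run: grype "$IMAGE_TAG"

      # AFTER (fixed): no continue-on-error; grype returns exit code 1 when a
      # finding is at or above the cutoff, which fails this step and the job,
      # so the push step is skipped.
      - name: Scan image with Grype (fail above severity cutoff)
        run: grype "$IMAGE_TAG" --fail-on high

      # Runs only if every previous step succeeded (the GitHub Actions default,
      # spelled out here to make the gating explicit).
      - name: Push image
        if: success()
        run: docker push "$IMAGE_TAG"
```

In practice only one of the two scan steps would be kept; both are shown so the difference in gating is visible in one place.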

https://github.com/meltano/meltano/security/code-scanning

Almost all of the detected issues stem from us using outdated packages for the Meltano webapp (i.e. they were detected in yarn.lock). Updating those seems like a good first step. @alexmarple thoughts?

WillDaSilva · Aug 08 '22 16:08