MLOpsPython icon indicating copy to clipboard operation
MLOpsPython copied to clipboard
verified publisher icon microsoft

Docker image vulnerabilties

Open onacrame opened this issue 4 years ago • 2 comments

My organisation has allowed us a test environment to try out various Azure tools. The container built as part of this example is shown as having over a dozen vulnerabilties in Security Centre. What's the best way to update the image within the pipeline so that various packages are updated?

onacrame avatar Jan 11 '21 11:01 onacrame

I would recommend using your own custom docker image. This guide shows how to create your own pipeline for building your own image: https://github.com/microsoft/MLOpsPython/blob/master/docs/custom_container.md

It sounds like there are certain packages that need to be updated. The packages installed during image build are here: https://github.com/microsoft/MLOpsPython/blob/master/diabetes_regression/ci_dependencies.yml. Which packages are causing the issue? Maybe we can update our yaml.

j-so avatar Jan 15 '21 02:01 j-so

Hi thanks for the prompt response. After I posted this there did seem to be a commit which resolved most of the issues.m Two remain outstanding. See below

cve 1 of 2 cve 2 of 2

onacrame avatar Jan 19 '21 11:01 onacrame