
Use a package manager for installing binaries

Open fgiloux opened this issue 3 years ago • 1 comment

In some of our images we download binaries with curl and copy them into the filesystem. Whenever possible we should use a package manager for the installation. Examples: https://github.com/openshift-pipelines/pipeline-service/blob/main/images/access-setup/Dockerfile#L8-L13

Rationale: These binaries are not "visible" to image scanners, which means that CVEs may go unnoticed.

fgiloux avatar Aug 30 '22 07:08 fgiloux
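A constructed before/after Dockerfile illustrating the point above. This is an added example, not the pipeline-service repository's own Dockerfile; the tool name, download URL and package name are placeholders, and the base image is only an example.

```dockerfile
# Example base image; any rpm-based image behaves the same way.
FROM registry.access.redhat.com/ubi9/ubi-minimal

# --- BEFORE: the pattern the issue asks to avoid (kept commented out) ---
# A binary fetched with curl and dropped into the filesystem is not
# recorded in the rpm database. Scanners that read package metadata or a
# generated SBOM never see "tool 1.2.3", so a CVE against it goes unnoticed.
#
# RUN curl -sSL https://example.invalid/releases/tool-1.2.3-linux-amd64.tar.gz \
#       | tar -xz -C /usr/local/bin tool
#
# Check inside the built image:
#   rpm -qf /usr/local/bin/tool
#   -> file /usr/local/bin/tool is not owned by any package

# --- AFTER: install through the package manager ---
# microdnf records name, version, release and source RPM in the rpm
# database, which is exactly what scanners match against CVE feeds.
# Pin the version so rebuilds are reproducible and the scanner reports
# the release that is actually present.
RUN microdnf install -y tool-1.2.3 \
 && microdnf clean all

# Check inside the built image: the file now resolves to a package.
#   rpm -qf /usr/local/bin/tool
#   -> tool-1.2.3-<release>.x86_64   (release string depends on the repo)
```

The same `rpm -qf` check, run over everything under `/usr/local/bin` and `/usr/bin`, is a quick way to audit an existing image for unowned binaries before onboarding it.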

+1 - all our images will need to be onboarded to HACBS, which won't let us curl | bash to install components.

adambkaplan avatar Aug 30 '22 21:08 adambkaplan