
Official container image has too many CVEs

Open tuananh opened this issue 1 year ago • 4 comments

Is there any attempt to fix this?

Recently, we tried trivy to scan this and found 22 critical + 164 high CVEs (total 533 CVEs).

Apr 10 '23 03:04 tuananh

Thanks for reporting it, @tuananh. We're working on patching our images.

Apr 10 '23 09:04 arikalon1

May I ask how you plan to fix that? We want to adopt Robusta at work and I would love to help anywhere I can.

Btw, I sent 2 PRs your way in the kubewatch repo: https://github.com/robusta-dev/kubewatch/pull/42 and https://github.com/robusta-dev/kubewatch/pull/43

Apr 10 '23 17:04 tuananh

FYI, these are the Critical CVEs detected by trivy in the latest release, 0.10.17:

CVE-2019-8457
CVE-2021-29921
CVE-2021-41945
CVE-2023-23914
CVE-2023-28322

Jun 07 '23 15:06 RoryDoherty

Thanks @tuananh, I just merged the kubewatch PRs. @RoryDoherty, we're going to look into fixing the runner CVEs as well.

Jun 11 '23 21:06 arikalon1

@tuananh I know it's kind of late, but our latest release, 0.14.1, from 12 days ago, resolved most of the CVEs. So there should be very few relevant CVEs, if any.

Jul 14 '24 06:07 RoiGlinik

@RoiGlinik It's much better. Thank you for all the work <3

Jul 14 '24 08:07 tuananh