Build image with current Alpine #21
Comments
Normally the Travis pipeline runs per week. Sure, for vulnerabilities, I can trigger the Travis pipeline manually.

Existing vulnerabilities report: https://app.travis-ci.com/github/alpine-docker/socat/builds/256567525

The vulnerabilities come from the base image, not from In It has the current latest socat version
Several decisions we need to make:

Thanks for the response and checking the vulnerabilities. For my use case, it would be great to use socat 1.7.4.3-r0 on alpine 3.16. Is it possible to have the pipeline check for new socat versions in both alpine branches, so two variants of the socat image can be built? So that would be check both The tags for the generated images would have to be changed, too, maybe using a pattern like

It's possible to upgrade all the packages from the base image to fix any CVEs using this:

@maartenwest This is the report using the latest image:
ubuntu@ubuntu:~/Desktop$ docker run --net=host --rm aquasec/trivy:latest image alpine/socat:latest
2023-02-21T04:00:53.038Z INFO Need to update DB
2023-02-21T04:00:53.038Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2023-02-21T04:00:53.038Z INFO Downloading DB...
2023-02-21T04:00:56.837Z INFO Vulnerability scanning is enabled
2023-02-21T04:00:56.837Z INFO Secret scanning is enabled
2023-02-21T04:00:56.837Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-02-21T04:00:56.837Z INFO Please see also https://aquasecurity.github.io/trivy/v0.37/docs/secret/scanning/#recommendation for faster secret detection
2023-02-21T04:00:57.641Z INFO Detected OS: alpine
2023-02-21T04:00:57.641Z INFO Detecting Alpine vulnerabilities...
2023-02-21T04:00:57.643Z INFO Number of language-specific files: 0
alpine/socat:latest (alpine 3.17.2)
===================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

The current image, 1.7.4.3-r1, was built 2 months ago, and today there are some known vulnerabilities in its dependencies.
If I rebuild the image today, with alpine:3.16.2 as base image, the resulting image does not have these vulnerabilities.

Is it possible to trigger Travis CI so a new image is pushed to hub.docker.com, even though there is no new tag of socat?
Thanks for providing this image!
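
An added example, not part of the thread or the project's pipeline: a check that a scheduled CI job could run on `trivy image --format json` output to decide whether a rebuild would clear any findings, which is the situation this issue describes. The report is constructed, with placeholder IDs and package names; the function names and the HIGH threshold are assumptions, and it assumes the fixed package is available to the build.

```python
import json

# Constructed sample in the shape of `trivy image --format json` output.
# Image tag, package names and vulnerability IDs are placeholders.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "alpine/socat:example",
    "Results": [
        {"Target": "alpine/socat:example (alpine 3.16.2)", "Type": "alpine",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample-a",
              "InstalledVersion": "1.0-r0", "FixedVersion": "1.0-r1", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample-b",
              "InstalledVersion": "2.3-r0", "FixedVersion": "", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample-a",
              "InstalledVersion": "1.0-r0", "FixedVersion": "1.0-r1", "Severity": "LOW"},
         ]},
        # A target without findings may carry no "Vulnerabilities" key at all.
        {"Target": "example-target-without-findings"},
    ],
})

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def fixable_findings(report_json, min_severity="HIGH"):
    """Return findings at or above min_severity for which a fixed version exists."""
    threshold = SEVERITY_RANK[min_severity]
    report = json.loads(report_json)
    hits = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            rank = SEVERITY_RANK.get(vuln.get("Severity", "UNKNOWN"), 0)
            # An empty FixedVersion means no patched package has shipped yet,
            # so rebuilding on the same base would not remove the finding.
            if rank >= threshold and vuln.get("FixedVersion"):
                hits.append((vuln["VulnerabilityID"], vuln["PkgName"], vuln["FixedVersion"]))
    return sorted(set(hits))


def rebuild_needed(report_json, min_severity="HIGH"):
    """True when at least one finding would disappear after a rebuild."""
    return bool(fixable_findings(report_json, min_severity))


if __name__ == "__main__":
    for vuln_id, pkg, fixed in fixable_findings(SAMPLE_REPORT):
        print(f"{vuln_id} {pkg} fixed in {fixed}")
    print("rebuild needed:", rebuild_needed(SAMPLE_REPORT))
```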