GoogleCloudPlatform / professional-services-data-validator

Utility to compare data between homogeneous or heterogeneous environments to ensure source and target tables match
Apache License 2.0

Assistance Required for Resolving Vulnerabilities in Docker Image for DVT #1234

Open hrshimpi opened 3 weeks ago

hrshimpi commented 3 weeks ago

Description: We are currently using the DVT Docker image [GCP/professional-services-data-validator/samples/cloud_run_jobs/Dockerfile] for our DB2 to BigQuery comparison project. After scanning the Docker image with GCP Artifact Registry's vulnerability scanner, we discovered multiple vulnerabilities.

Current Status:

  1. We have already addressed some vulnerabilities by updating to the python:3.11.9-slim-bookworm base image and resolving two issues related to Git version and the setuptools Python package.
  2. We need further assistance to address additional vulnerabilities, particularly those classified as critical and high severity.

Request: We seek guidance on the best approach to resolve these remaining vulnerabilities. Any help or advice on how to proceed would be greatly appreciated.

Attachments: DVT Vulnerabilities (GCP Scan).xlsx

Updated Dockerfile:

FROM python:3.11.9-slim-bookworm AS clone-stage

RUN apt-get update \
    && apt-get install -y git \
    && rm -rf /var/lib/apt/lists/*

RUN git clone --depth 1 --branch v6.0.0 https://github.com/GoogleCloudPlatform/professional-services-data-validator.git

FROM python:3.11.9-slim-bookworm AS build-stage

WORKDIR /app

COPY --from=clone-stage /professional-services-data-validator /app

RUN apt-get update \
    && apt-get install -y gcc \
    && rm -rf /var/lib/apt/lists/*

# Update the setuptools package to version 70.0.0
RUN pip install --upgrade setuptools==70.0.0

RUN pip install --no-cache-dir .

ENTRYPOINT ["python","-m","data_validation"]

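A hardened variant of the Dockerfile above, added here as an illustration and not taken from the project or from the reporter: it keeps git and gcc out of the final image, applies Debian security updates, and runs the job as a non-root user. It assumes DVT needs no runtime shared libraries beyond the slim base image (if a driver such as the DB2 client needs them, install them with apt-get in the runtime stage) and no writable home directory.

```dockerfile
# syntax=docker/dockerfile:1
# Stage 1: fetch the pinned DVT release. git exists only in this stage.
FROM python:3.11.9-slim-bookworm AS clone-stage
RUN apt-get update \
    && apt-get install -y --no-install-recommends git ca-certificates \
    && rm -rf /var/lib/apt/lists/*
RUN git clone --depth 1 --branch v6.0.0 \
    https://github.com/GoogleCloudPlatform/professional-services-data-validator.git /src

# Stage 2: build and install into an isolated virtualenv. gcc exists only here.
FROM python:3.11.9-slim-bookworm AS build-stage
RUN apt-get update \
    && apt-get install -y --no-install-recommends gcc \
    && rm -rf /var/lib/apt/lists/*
COPY --from=clone-stage /src /src
RUN python -m venv /opt/venv \
    && /opt/venv/bin/pip install --no-cache-dir --upgrade pip setuptools==70.0.0 wheel \
    && /opt/venv/bin/pip install --no-cache-dir /src

# Stage 3: runtime image. Only the virtualenv is copied in: no git, no gcc and
# no source tree, so the scanner has far fewer packages to flag.
FROM python:3.11.9-slim-bookworm AS runtime
# Pull Debian security updates published after the base image tag was built.
# A pinned tag only freezes what was current on its publication date, so the
# image must be rebuilt regularly for this step to keep paying off.
RUN apt-get update \
    && apt-get upgrade -y --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*
# The base image's own setuptools is still present; pin it as in the original fix.
RUN pip install --no-cache-dir --upgrade setuptools==70.0.0
COPY --from=build-stage /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH" \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1
# Run as an unprivileged user so a compromised job cannot alter the image contents.
# Assumption: DVT does not need a writable home directory; drop USER if it does.
RUN useradd --system --uid 10001 --no-create-home dvt
USER 10001
ENTRYPOINT ["python", "-m", "data_validation"]
```

Re-scan the built image after each rebuild; findings against packages that exist only in the clone and build stages should disappear, and what remains is the base image plus DVT's own dependency tree.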
helensilva14 commented 3 weeks ago

Hi @hrshimpi!

Thank you for raising this concern and providing the vulnerability scan details. We will analyze your file and the impact of the remaining vulnerabilities to provide an update with further guidance and recommendations on remediation steps as soon as possible.

In the meantime, we appreciate your patience, understanding and collaboration with us!