Update rocker image - Githubissues

OasisLMF / OasisUI

User Interface for the Oasis platform.

BSD 3-Clause "New" or "Revised" License

16 stars 17 forks source link

Update rocker image #288

Closed sambles closed 2 years ago

sambles commented 2 years ago

Action points

[x] Add image CVE scanner (Trivy?)
[x] Update openssl / or removal
[ ] Look at updating shiny proxy

Issue Description

The app's docker file is built from rocker/r-ver:4.0.5, this is based on ubuntu:20:04. Which scanned for security issues the following CVE's are highlighted

app_CVE_overview app_CVE

Ideally the app should be updated to run on ubuntu:22:04 (if possible)

RolandASc commented 2 years ago

According to https://github.com/rocker-org/rocker-versioned2#readme, they might start using Ubuntu 22.04 fairly soon, i.e. 90 days after the release (which was April 21).

Meanwhile we could either try to use their image and scripts and adapt them ourselves accordingly, or if it's just about the high severity vulnerability of openssl, probably just upgrade / clean that up for now.