search

apache / druid

Apache Druid: a high performance real-time analytics database.
https://druid.apache.org/
Apache License 2.0
13.53k stars 3.71k forks source link

Provide/publish docker images based on debian:trixie? #16710

Open frankgrimes97 opened 4 months ago

frankgrimes97 commented 4 months ago

We've noticed that there are many base OS-level vulnerabilities reported (as per our Trivy scans) in the latest base Druid image and were wondering if it might make sense to consider moving up from debian:12.5 to debian:trixie.

$ trivy image apache/druid:30.0.0
…
apache/druid:30.0.0 (debian 12.5)

Total: 19 (UNKNOWN: 0, LOW: 14, MEDIUM: 2, HIGH: 2, CRITICAL: 1)
$ trivy image debian:12.6
...
debian:12.6 (debian 12.6)

Total: 72 (UNKNOWN: 0, LOW: 57, MEDIUM: 13, HIGH: 1, CRITICAL: 1)
$ trivy image debian:trixie
...
debian:trixie (debian trixie/sid)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
FrankChen021 commented 4 months ago

it makes sense. Can open a PR to do so