Closed (MCBBosch closed 4 months ago)
For the Python ones, I noticed that there are 2 sets/versions of Python files in the base image.
#6 0.437 python3-dnf.noarch 4.7.0-20.el8 @ubi-8-baseos-rpms
#6 0.437 python3-gpg.x86_64 1.13.1-12.el8 @ubi-8-baseos-rpms
#6 0.437 python3-hawkey.x86_64 0.63.0-19.el8 @ubi-8-baseos-rpms
#6 0.437 python3-libcomps.x86_64 0.1.18-1.el8 @ubi-8-baseos-rpms
#6 0.437 python3-libdnf.x86_64 0.63.0-19.el8 @ubi-8-baseos-rpms
#6 0.437 python3-libs.x86_64 3.6.8-62.el8_10 @ubi-8-baseos-rpms
#6 0.437 python3-pip-wheel.noarch 9.0.3-24.el8 @ubi-8-baseos-rpms
#6 0.437 python3-rpm.x86_64 4.14.3-31.el8 @ubi-8-baseos-rpms
#6 0.437 python3-setuptools-wheel.noarch 39.2.0-7.el8 @ubi-8-baseos-rpms
#6 0.437 python3-unbound.x86_64 1.16.2-5.el8_9.6 @ubi-8-appstream-rpms
#6 0.437 python39.x86_64 3.9.19-1.module+el8.10.0+21815+bb024982 @ubi-8-appstream-rpms
#6 0.437 python39-libs.x86_64 3.9.19-1.module+el8.10.0+21815+bb024982 @ubi-8-appstream-rpms
#6 0.437 python39-pip.noarch 20.2.4-9.module+el8.10.0+21329+8d76b841 @ubi-8-appstream-rpms
#6 0.437 python39-pip-wheel.noarch 20.2.4-9.module+el8.10.0+21329+8d76b841 @ubi-8-appstream-rpms
#6 0.437 python39-setuptools.noarch 50.3.2-5.module+el8.10.0+20345+671a55aa @ubi-8-appstream-rpms
#6 0.437 python39-setuptools-wheel.noarch 50.3.2-5.module+el8.10.0+20345+671a55aa @ubi-8-appstream-rpms
So even if I add
RUN python -m pip install certifi idna setuptools --upgrade
RUN python -m pip list
and it shows the fixed version, the scanner still reports the issue.
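Added example, not part of the comment above or of the Confluent project: a Python sketch that groups the package listing by interpreter stack and lists every RPM that carries its own copy of pip or setuptools. These versions are recorded in the RPM database, which `pip install --upgrade` does not modify. The sample lines are taken from the log above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: six lines taken from the build log quoted in the comment above.
SAMPLE = """\
#6 0.437 python3-libs.x86_64 3.6.8-62.el8_10 @ubi-8-baseos-rpms
#6 0.437 python3-pip-wheel.noarch 9.0.3-24.el8 @ubi-8-baseos-rpms
#6 0.437 python3-setuptools-wheel.noarch 39.2.0-7.el8 @ubi-8-baseos-rpms
#6 0.437 python39-libs.x86_64 3.9.19-1.module+el8.10.0+21815+bb024982 @ubi-8-appstream-rpms
#6 0.437 python39-pip.noarch 20.2.4-9.module+el8.10.0+21329+8d76b841 @ubi-8-appstream-rpms
#6 0.437 python39-setuptools.noarch 50.3.2-5.module+el8.10.0+20345+671a55aa @ubi-8-appstream-rpms
"""

# Optional BuildKit prefix ("#6 0.437"), then name.arch, version, @repo.
LINE = re.compile(
    r"^(?:#\d+\s+[\d.]+\s+)?(python\d+)(?:-(\S+?))?\.(\w+)\s+(\S+)\s+@(\S+)$"
)


def parse_listing(text):
    """Return {stack: {component: version}} for python* RPM lines."""
    stacks = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            stack, comp, _arch, version, _repo = m.groups()
            stacks[stack][comp or "(interpreter)"] = version
    return dict(stacks)


def rpm_owned_copies(stacks, names=("pip", "setuptools")):
    """List (stack, rpm component, version) for RPMs carrying the named
    distributions, counting bundled '-wheel' packages as copies too."""
    found = []
    for stack, comps in sorted(stacks.items()):
        for comp, version in sorted(comps.items()):
            base = comp[:-6] if comp.endswith("-wheel") else comp
            if base in names:
                found.append((stack, comp, version))
    return found


if __name__ == "__main__":
    for row in rpm_owned_copies(parse_listing(SAMPLE)):
        print(*row)
```
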
New quarterly patch release of Confluent Platform is available in Docker Hub.
According to a Trivy scan, the base image cp-server-connect-base:7.6.1 has many vulnerabilities which are supposed to be fixed already on the OS and Java layer. The latest image tag in Docker Hub is from 3 months ago. When can we expect a version to address those fixes?
Attaching a report from Trivy.
report.html.zip