szh closed 3 months ago
CI is failing due to Golang vulns in Go version used in the summon binary.
Edit: seems to be caused by use of summon's master branch instead of main.
Looks like we need a new release of summon and summon-conjur with an updated Go version to fix this.
Summon and summon-conjur releases will take some time. This PR can go ahead with the failing build for now if we can get an approval.
There doesn't seem to be any real reason we're using the Ruby base image for the pet store app. The app is written in Java, and besides, this container is for summon and we're installing the compiled version. The Ruby image is large and therefore has a large attack surface and many packages with vulnerabilities. Switching to a slimmer base image such as Alpine reduces attack surface and vulnerabilities.
While we're at it, updating to the latest Spring Boot version. Also removed deprecated "version" tag from docker-compose.yml.