golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License
123.52k stars 17.6k forks

Go Packages issues are not resolving in RHEL 9.4 #68280

Closed Bizbeen closed 3 months ago

Bizbeen commented 3 months ago

Go version

golang.org/x/net@v0.23.0

Output of go env in your module/workspace:

Successfully installed and built image.

What did you do?

Initialize Go modules and download specific versions

USER root
WORKDIR /postprod/go
RUN go mod init mymodule

Add a dummy Go file to ensure there is a package to tidy

# printf instead of echo: bash's builtin echo does not expand \n, so the file
# would otherwise be written as a single line
RUN printf 'package main\nfunc main() {}\n' > dummy.go

ENV GO111MODULE=on
ENV GOPATH=/go
ENV PATH=$GOPATH/bin:/usr/local/go/bin:$PATH

Remove old versions of packages and install latest versions

RUN export https_proxy=http://cross-cluster-host.platform.svc.cluster.perryman:31080 \
    && export http_proxy=http://cross-cluster-host.platform.svc.cluster.omaha:31280 \
    && go clean -modcache \
    && go get -u golang.org/x/net@v0.23.0 \
    && go get -u github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.6.0 \
    && go install github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.6.0 \
    && go mod tidy

Remove the dummy Go file

RUN rm dummy.go

What did you see happen?

Type: dockerImage ImageID: sha256:ea32b10fdeade0ab4cfb3caeacc876616a50b5b5b2618bca3ef3b5b6c6866625 Digest: localhost/mariadb_ops_image@sha256:67483b8d99cb10e1cde702a68a57d1edda38ec965baf79f5ff715b4f2c06708a BaseOS: redhat 9.4 PullString: ea32b10fdead

1492 vulnerabilities found 0 Critical (0 fixable) 20 High (15 fixable) 570 Medium (8 fixable) 891 Low (14 fixable) 11 Negligible (0 fixable)

PACKAGE                                           TYPE    VERSION  SUGGESTED FIX  CRITICAL  HIGH  MEDIUM  LOW  NEGLIGIBLE  EXPLOIT
golang.org/x/net                                  golang  v0.20.0  v0.23.0        0         1     0       0    0           0
github.com/Azure/azure-sdk-for-go/sdk/azidentity  golang  v1.4.0   v1.6.0         0         0     1       0    0           0

POLICIES EVALUATION
Policy: Vzsec - Image Scanning Policy (Criticals and Highs with fix > 30 days) FAILED (1 failures - 0 risks accepted)

Policies evaluation FAILED at 2024-07-03T03:36:29Z

What did you expect to see?

I don't want to see the Golang package's vulnerabilities in scan results after installing via Dockerfile.

seankhliao commented 3 months ago

This doesn't sound like an issue with the Go project.

Unlike many projects, the Go project does not use GitHub Issues for general discussion or asking questions. GitHub Issues are used for tracking bugs and proposals only.

For questions please refer to https://github.com/golang/go/wiki/Questions
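The scan report in this issue makes more sense once you know where a scanner gets rows typed golang: Go binaries built in module mode carry their complete module dependency list in an embedded build-info section, the same data that `go version -m <binary>` prints. Running `go get` and `go mod tidy` in a scratch module under /postprod/go only edits that module's go.mod and the module cache; it does not rebuild whatever compiled Go tool in the image was linked against golang.org/x/net v0.20.0, so the finding survives. The program below, written for this page and not part of the Go project or the original issue, walks a directory, reads the build info of every Go binary with the standard library's debug/buildinfo package, and reports which binary embeds the two watched modules and at which version (a replace directive is reported by its replacement, since that is what was compiled in). The module path example.com/ops/mariadb-exporter and the sample build-info listing are constructed stand-ins, not taken from the image in the issue.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"runtime/debug"
)

// Finding records one watched module as it is recorded in a Go binary's
// embedded build info (the data `go version -m <binary>` prints).
type Finding struct {
	Binary, Module, Version string
}

// watched holds the module paths from the scan report in the issue; the values
// are the fix versions the report suggests, kept only for display.
var watched = map[string]string{
	"golang.org/x/net": "v0.23.0",
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity": "v1.6.0",
}

// findModules returns every dependency of bi whose path is in watched. When the
// build used a replace directive, the replacement version is reported, because
// that is what was actually compiled in.
func findModules(binary string, bi *debug.BuildInfo, watched map[string]string) []Finding {
	var out []Finding
	for _, d := range bi.Deps {
		if _, ok := watched[d.Path]; !ok {
			continue
		}
		v := d.Version
		if d.Replace != nil && d.Replace.Version != "" {
			v = d.Replace.Version
		}
		out = append(out, Finding{binary, d.Path, v})
	}
	return out
}

// scanDir walks root and inspects every regular file that carries Go build
// info. Files buildinfo.ReadFile cannot parse (scripts, shared objects, data)
// are skipped, so root can be an image's whole /usr tree.
func scanDir(root string, watched map[string]string) ([]Finding, error) {
	var out []Finding
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return nil // unreadable entry or not a plain file; keep walking
		}
		bi, err := buildinfo.ReadFile(p)
		if err != nil {
			return nil // not a Go binary
		}
		out = append(out, findModules(p, bi, watched)...)
		return nil
	})
	return out, err
}

// sampleBuildInfo is a constructed listing in the text format of `go version -m`,
// standing in for a Go tool shipped in the image. It is not taken from any real
// binary; the module path and the h1: sums are placeholders.
const sampleBuildInfo = "path\texample.com/ops/mariadb-exporter\n" +
	"mod\texample.com/ops/mariadb-exporter\t(devel)\n" +
	"dep\tgolang.org/x/net\tv0.20.0\th1:constructed\n" +
	"dep\tgithub.com/Azure/azure-sdk-for-go/sdk/azidentity\tv1.4.0\th1:constructed\n" +
	"dep\tgolang.org/x/sys\tv0.16.0\th1:constructed\n"

// checkSample runs findModules over sampleBuildInfo without touching disk.
func checkSample() ([]Finding, error) {
	bi, err := debug.ParseBuildInfo(sampleBuildInfo)
	if err != nil {
		return nil, err
	}
	return findModules("sample", bi, watched), nil
}

func main() {
	findings, err := checkSample() // with no argument, demonstrate on the sample
	if len(os.Args) > 1 {
		findings, err = scanDir(os.Args[1], watched)
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, f := range findings {
		fmt.Printf("%s\t%s\t%s\t(scanner suggests %s)\n", f.Binary, f.Module, f.Version, watched[f.Module])
	}
}
```

Run it inside the image against the directories that hold compiled tools (for example `./buildinfo-scan /usr/local/bin`, or the whole /usr tree) to find the binary that embeds golang.org/x/net v0.20.0 or azidentity v1.4.0. The remedy is then to rebuild that binary against the fixed module versions or to upgrade the package that ships it; fetching newer modules into an unrelated scratch module changes nothing the scanner reads.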