Open chirangaalwis opened 3 years ago
Thanks for opening the issue. We are in the process of hardening the images, with mitigation for at least high-severity CVEs as much as possible. The ETA will be updated here (expected to take some time due to the test efforts involved).
Is this a BUG REPORT or FEATURE REQUEST?
It is a BUG REPORT.
Choose one: BUG REPORT or FEATURE REQUEST
What happened: Experienced the following Docker container image vulnerability scan report using the Trivy Docker image scan tool.
What you expected to happen: Since maintenance of a tested version of the Chaos Runner Docker container image in a user-specific, private container registry is a best practice in a production-grade container deployment (instead of using the publicly available version from a public image registry), it would be ideal to provide the users with an image which is vulnerability-free, as much as possible.
Appreciate it if you could look into the detected vulnerabilities. If LitmusChaos uses a different image scan tool, would appreciate details about its vulnerability check.
How to reproduce it (as minimally and precisely as possible): Using the Trivy Docker image scan tool.