Open joaocc opened 2 months ago
Quick update: The latest images have a fresh alpine base which removes the vulnerabilities there.
With CoreDNS it's a bit more complicated. It seems the CoreDNS community struggles to release an updated version: https://github.com/coredns/coredns/issues/6661
We will come back to this once there is new CoreDNS release
What happened?
Trivy operator reports the use of images with vulnerabilities. In this case library/alpine:3.13.1 and coredns/coredns:1.11.0
What did you expect to happen?
Depending on the need to specify an older version, one of these would be better:
CoreDNS doesn't provide a Major+Minor version, so in this case a simple upgrade might do the trick:
How can we reproduce it (as minimally and precisely as possible)?
run trivy-operator on any vcluster deployment
Anything else we need to know?
No response
Host cluster Kubernetes version
N/A
Host cluster Kubernetes distribution
N/A
vlcuster version
v0.20.x
Vcluster Kubernetes distribution(k3s(default)), k8s, k0s)
N/A
OS and Arch
N/A