Open EarthlingDavey opened 7 months ago
I love this Davey! Let's have a chat today about improving our position here. Your suggestion focused on keeping a copy of our own and using security plugins to manage our protection sounds like a good route to follow.
Thanks for the chat @EarthlingDavey.
Moving forward, in a bid to handle CVEs to support us in preventing supply chain attacks, we have agreed to merge the 2 repos under a new repository, https://github.com/ministryofjustice/dory-dnsmasq:
This will allow us to fix the reported vulnerabilities, namely:
Our repo will use GitHub Actions to build multi-arch images in Docker Hub, for use across the estate and the wider open-source tech community.
What do you think about reviewing the current dependencies?
One in particular stands out: we are using 2 custom dory images, maintained by relatively unknown developers.
I would appreciate a chat about the following points:
While I understand moving quickly with this migration is important, could we have security as an equal priority?