mintel / dex-k8s-authenticator

A Kubernetes Dex Client Authenticator
MIT License

Bump golang to 1.16.4 and alpine to 3.13.5, updated deps #169

Closed zigmund closed 3 years ago

zigmund commented 3 years ago

Updated deps, golang and alpine to fix some known CVEs found in current outdated libs and images.

Before:

$ trivy mintel/dex-k8s-authenticator:1.4.0           
2021-05-27T13:17:17.164+0600    INFO    Detected OS: alpine
2021-05-27T13:17:17.165+0600    INFO    Detecting Alpine vulnerabilities...
2021-05-27T13:17:17.173+0600    INFO    Number of PL dependency files: 1
2021-05-27T13:17:17.173+0600    INFO    Detecting gobinary vulnerabilities...
2021-05-27T13:17:17.175+0600    WARN    This OS version is no longer supported by the distribution: alpine 3.10.3
2021-05-27T13:17:17.176+0600    WARN    The vulnerability detection may be insufficient because security updates are not provided

mintel/dex-k8s-authenticator:1.4.0 (alpine 3.10.3)
==================================================
Total: 27 (UNKNOWN: 0, LOW: 3, MEDIUM: 13, HIGH: 11, CRITICAL: 0)
...

app/bin/dex-k8s-authenticator
=============================
Total: 5 (UNKNOWN: 2, LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 0)
...

After:

$ trivy dex-k8s-authenticator:bump-golang1.16.4-alpine3.13.5 
2021-05-27T13:48:15.318+0600    INFO    Detected OS: alpine
2021-05-27T13:48:15.318+0600    INFO    Detecting Alpine vulnerabilities...
2021-05-27T13:48:15.320+0600    INFO    Number of PL dependency files: 1
2021-05-27T13:48:15.320+0600    INFO    Detecting gobinary vulnerabilities...

dex-k8s-authenticator:bump-golang1.16.4-alpine3.13.5 (alpine 3.13.5)
====================================================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

app/bin/dex-k8s-authenticator
=============================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
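
A small gate that parses the trivy table output quoted above into per-target severity counts and flags the "no longer supported" base-OS warning, added here as an example and not part of this PR or the project; the embedded report text is constructed from the before/after output shown above, and the severity threshold is an assumption (trivy's own `--severity`/`--exit-code` flags do the same job in CI).

```python
import re
from dataclasses import dataclass, field

# Constructed from the "before" and "after" trivy output in this PR (trimmed).
BEFORE = """\
2021-05-27T13:17:17.175+0600    WARN    This OS version is no longer supported by the distribution: alpine 3.10.3

mintel/dex-k8s-authenticator:1.4.0 (alpine 3.10.3)
==================================================
Total: 27 (UNKNOWN: 0, LOW: 3, MEDIUM: 13, HIGH: 11, CRITICAL: 0)

app/bin/dex-k8s-authenticator
=============================
Total: 5 (UNKNOWN: 2, LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 0)
"""
AFTER = """\
dex-k8s-authenticator:bump-golang1.16.4-alpine3.13.5 (alpine 3.13.5)
====================================================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

app/bin/dex-k8s-authenticator
=============================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
"""

TOTAL_RE = re.compile(r"^Total: (\d+) \(((?:[A-Z]+: \d+(?:, )?)+)\)$")
EOL_RE = re.compile(r"WARN\s+This OS version is no longer supported")

@dataclass
class TrivyReport:
    eol_os: bool = False
    targets: dict = field(default_factory=dict)  # target -> {severity: count}

def parse_trivy_table(text: str) -> TrivyReport:
    """Parse trivy's table output: a target line, an '=' underline, then a 'Total:' line."""
    report, lines, current = TrivyReport(), text.splitlines(), None
    for i, line in enumerate(lines):
        if EOL_RE.search(line):
            report.eol_os = True
        elif i > 0 and line and set(line) == {"="}:
            current = lines[i - 1].strip()  # the target header sits just above the underline
        elif current and (m := TOTAL_RE.match(line.strip())):
            counts = {k: int(v) for k, v in (p.split(": ") for p in m.group(2).split(", "))}
            counts["TOTAL"] = int(m.group(1))
            report.targets[current], current = counts, None
    return report

def blocking_findings(report: TrivyReport, severities=("HIGH", "CRITICAL")) -> bool:
    """Gate (assumed policy): fail on an EOL base OS, which gets no security updates, or any HIGH/CRITICAL finding."""
    return report.eol_os or any(c.get(s, 0) > 0 for c in report.targets.values() for s in severities)
```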

nabadger commented 3 years ago

Thanks :)