Closed xelat closed 1 year ago
Let will test a different image and also consider other options.
Are you using the SAS Viya 4 Infrastructure as Code (IaC) tools to create a cluster? What is your cloud provider?
Microsoft Azure] (https://github.com/sassoftware/viya4-iac-azure),
AWS (https://github.com/sassoftware/viya4-iac-aws),
GCP (https://github.com/sassoftware/viya4-iac-gcp)
Please let us know.
Thank you!
@xelat can you share reported vulnerabilities of the associated image? quick look at CVEs, I wasn't able to find a vulnerability related to this image, so any insight you have would be great.
Let will test a different image and also consider other options. Are you using the SAS Viya 4 Infrastructure as Code (IaC) tools to create a cluster? What is your cloud provider? Microsoft Azure] (https://github.com/sassoftware/viya4-iac-azure), AWS (https://github.com/sassoftware/viya4-iac-aws), GCP (https://github.com/sassoftware/viya4-iac-gcp) Please let us know. Thank you!
Cloud provider is Microsoft Auzre. Customer didn't use the IaC to build the cluster.
@xelat I removed the comment with the report on purpose and will be removing the link above now. We have the info we need from that report and do not need it anymore.
We have created issue #200 for removing the feature that is using the node-hello image, so there will be nothing more specific related to this issue. Therefore, closing.
The customer is using Aqua Security to prevent container images that haven’t been subject to security scan from running on the cluster.
In pre_install_report/test/test_data/yaml_data/hello-application.yaml, we see the example image being used is gcr.io/google-samples/node-hello:1.0. This image is reported to contain vulnerabilities. Even we tried to pull and push that image to the customer's Container Registry but it still does not allow us to use it. What are the alternatives to this image?