serverless / github-action

:zap::octocat: A Github Action for deploying with the Serverless Framework
Apache License 2.0

feat: use alpine version to reduce vulnerabilities in image #51

Closed anandg112 closed 3 years ago

anandg112 commented 3 years ago

This PR uses the alpine version of the image to reduce OS vulnerabilities in the image. Scans were done using trivy image scanning - https://github.com/aquasecurity/trivy

cc @DavideViolante

From this:

nikolaik/python-nodejs:python3.9-nodejs14-slim (debian 10.8) Total: 29 (HIGH: 21, CRITICAL: 8)

to:

nikolaik/python-nodejs:python3.9-nodejs14-alpine (alpine 3.13.2) Total: 0 (HIGH: 0, CRITICAL: 0)

tx0c commented 3 years ago

This switch has caused the Lambda build environment to become a linuxmusl-x64 environment, which caused some arch-dependent npm packages (like https://www.npmjs.com/package/sharp) to install the wrong binaries and then fail to run on Lambda, which requires linux-x64 binaries;

Is a debian slim based image still maintained here?
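A CI pre-flight covering both concerns raised in this thread, as an added example that is not code from the serverless/github-action repository or from either commenter: it gates the image on trivy HIGH/CRITICAL findings (the scan anandg112 ran) and refuses to package a Lambda bundle from a musl build environment (the sharp failure tx0c describes). `IMAGE`, `TARGET_LIBC` and `CI_PREFLIGHT_RUN` are assumed variable names; Lambda's Node.js runtimes are glibc-based.

```shell
#!/bin/sh
# Added example, not part of the serverless/github-action repository.
# Pre-flight for a base-image switch: scan for HIGH/CRITICAL CVEs, then
# make sure the C library of the build root matches the Lambda target so
# native npm modules (e.g. sharp) are built against the right libc.
set -eu

# True when at least one of the given glob patterns matched a real path.
glob_exists() {
  for f in "$@"; do
    [ -e "$f" ] && return 0
  done
  return 1
}

# Classify a root filesystem by its dynamic loader: Alpine ships
# /lib/ld-musl-<arch>.so.1, Debian/glibc images ship ld-linux-*.so.*.
# Prints "musl", "glibc" or "unknown".
detect_libc() {
  root="${1:-/}"
  if glob_exists "$root"/lib/ld-musl-*.so.1; then
    echo musl
  elif glob_exists "$root"/lib/ld-linux-*.so.* \
                   "$root"/lib64/ld-linux-*.so.* \
                   "$root"/lib/*/ld-linux-*.so.*; then
    echo glibc
  else
    echo unknown
  fi
}

# Exit 0 only when binaries built here will load on the target runtime.
build_env_matches_target() {
  [ "$1" = "$2" ]
}

# Vulnerability gate: trivy exits non-zero when HIGH/CRITICAL findings exist.
scan_image() {
  trivy image --severity HIGH,CRITICAL --exit-code 1 "$1"
}

main() {
  scan_image "${IMAGE:-nikolaik/python-nodejs:python3.9-nodejs14-alpine}"
  build=$(detect_libc /)
  if ! build_env_matches_target "$build" "${TARGET_LIBC:-glibc}"; then
    echo "build root is $build, Lambda needs ${TARGET_LIBC:-glibc}: native modules would mismatch" >&2
    exit 1
  fi
}

# Only run the full flow when explicitly asked, so the functions can be sourced.
if [ "${CI_PREFLIGHT_RUN:-0}" = "1" ]; then main; fi
```

Run with `CI_PREFLIGHT_RUN=1 IMAGE=<image> sh preflight.sh` inside the build container; `detect_libc` alone is enough to spot the musl/glibc mismatch without trivy installed.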