triton-inference-server / server

The Triton Inference Server provides an optimized cloud and edge inferencing solution.
https://docs.nvidia.com/deeplearning/triton-inference-server/user-guide/docs/index.html
BSD 3-Clause "New" or "Revised" License

AWS ECR identifies vulnerability with Pillow version for Triton server image 23.07 #6222

Open sandeshan opened 1 year ago

sandeshan commented 1 year ago

Description

Hi team,

For use with our ECS containers, we pull the base Triton server image from the official Nvidia repo and then re-tag and upload to our private AWS ECR repository, without making any modifications.

We recently enabled enhanced scanning on our ECR repo, after which we were notified of a couple of security vulnerabilities that were tagged as CRITICAL severity.

Both the vulnerabilities refer to the usage of the package Pillow and recommend that we avoid usage of versions before 9.x.

When I run pip list | grep Pillow inside the Triton container, I see that Pillow is not installed in the base image, but ECR finds the older version of Pillow referenced in /opt/hpcx/clusterkit/bin/output/requirements.txt. Even if I update the image to install the latest version of Pillow, ECR still flags this file.

numpy==1.19.5
Pillow==8.3.1
simplejson==3.17.5
fpdf==1.7.2
python-hostlist==1.21

Looks like HPC-X and ClusterKit come as part of the base image, and are not something we have control over. Please investigate if ClusterKit or its dependencies need to be updated to avoid this. I will also check with AWS support to get more details and next steps, but wanted to share this here in case it can be changed by the Triton team.

Triton Information

What version of Triton are you using? => 23.07
Are you using the Triton container or did you build it yourself? => Image obtained from Nvidia official repo (23.07-py3)

To Reproduce

  1. Upload Triton server 23.07-py3 image to AWS ECR
  2. Enable enhanced scanning on repo and container image
  3. Check vulnerability findings

Expected behavior

Security scan of the base images should not result in any Critical security findings.

krishung5 commented 1 year ago

Hi @sandeshan, thanks for bringing this up. We do run the scanning for Triton image. I think since Pillow is not installed, we are not seeing any vulnerabilities reported. I was wondering if using filters to rule out that particular file would work for your case.

sandeshan commented 1 year ago

@krishung5 The filters in the ECR scanning config refer to which repositories or image files we want to include in our automated scanning, and not the files within the image itself.

I also tried updating the base image and installing the latest version of Pillow, which is 10.0.0, but Inspector still flags that requirements.txt file in the updated image. It seems like a bug in the AWS Inspector, so I'll provide them with more details.

For the triton image itself, I assume it is still a risk for users who don't explicitly install the latest version of Pillow, and this file might force install the older version. Can this be mitigated by updating that library so that it doesn't refer to the old version?
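The thread turns on one distinction: the scanner reports a finding because a requirements file inside the image pins Pillow==8.3.1, while the package itself is not installed, so the finding is manifest-only noise rather than an installed, exploitable library (and it stays flagged even after installing Pillow 10.0.0). The script below is an added example, not code from the Triton project or from AWS; it rebuilds the quoted requirements.txt under a temporary directory tree, walks the tree for requirements files the way a manifest-based scanner does, and then classifies each below-floor pin against what is actually installed. The version floor table, the `build_sample_image_tree`/`triage`/`demo` helpers and the use of `importlib.metadata` as the stand-in for `pip list` are assumptions of the example.

```python
"""Triage manifest-based container scan findings (e.g. ECR enhanced scanning)
by checking whether the pinned package is actually installed.

Added example for the issue discussion; not Triton or AWS code. Assumptions:
a floor version per package, a constructed copy of the quoted requirements
file, and importlib.metadata as the equivalent of `pip list`.
"""
import os
import re
import tempfile
from importlib import metadata

# Assumed floor versions, mirroring the advisory wording "avoid versions before 9.x".
MIN_SAFE_VERSIONS = {"pillow": "9.0.0"}

# Constructed copy of the file the scanner flagged in the thread.
SAMPLE_REQUIREMENTS_PATH = os.path.join(
    "opt", "hpcx", "clusterkit", "bin", "output", "requirements.txt")
SAMPLE_REQUIREMENTS = """\
numpy==1.19.5
Pillow==8.3.1
simplejson==3.17.5
fpdf==1.7.2
python-hostlist==1.21
"""

# Only exact pins with plain dotted numeric versions are handled here.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9.]*)")


def normalize(name):
    """PEP 503 style normalisation so Pillow / pillow / python_hostlist compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version):
    """Tuple key for simple numeric versions (8.3.1 < 9.0.0 < 10.0.0)."""
    return tuple(int(part) for part in version.split(".") if part)


def parse_pins(text):
    """Return {normalised name: pinned version} for every 'name==x.y.z' line."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        match = PIN_RE.match(line)
        if match:
            pins[normalize(match.group(1))] = match.group(2)
    return pins


def find_requirement_files(root):
    """Yield every requirements*.txt below root, as a manifest scanner would."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().startswith("requirements") and name.endswith(".txt"):
                yield os.path.join(dirpath, name)


def installed_packages():
    """What is really importable in this environment; the `pip list` view."""
    result = {}
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if name:
            result[normalize(name)] = dist.version
    return result


def triage(root, installed, min_safe=MIN_SAFE_VERSIONS):
    """Classify each below-floor pin found in requirement files under root.

    status is one of:
      manifest-only         pinned in a file, package not installed at all
      installed-vulnerable  pinned and installed below the floor
      installed-fixed       pinned below floor, but installed version is >= floor
    """
    installed = {normalize(k): v for k, v in installed.items()}
    findings = []
    for path in find_requirement_files(root):
        with open(path, encoding="utf-8") as fh:
            pins = parse_pins(fh.read())
        for name, floor in min_safe.items():
            pinned = pins.get(name)
            if pinned is None or version_key(pinned) >= version_key(floor):
                continue
            present = installed.get(name)
            if present is None:
                status = "manifest-only"
            elif version_key(present) < version_key(floor):
                status = "installed-vulnerable"
            else:
                status = "installed-fixed"
            findings.append({"file": os.path.relpath(path, root), "package": name,
                             "pinned": pinned, "installed": present,
                             "floor": floor, "status": status})
    return findings


def build_sample_image_tree(root):
    """Write the constructed requirements file into root; returns its path."""
    path = os.path.join(root, SAMPLE_REQUIREMENTS_PATH)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_REQUIREMENTS)
    return path


def demo():
    """Run the three situations from the thread against the constructed tree."""
    root = tempfile.mkdtemp(prefix="triton-scan-")
    build_sample_image_tree(root)
    return {
        "not_installed": triage(root, {}),                   # base image as shipped
        "upgraded": triage(root, {"Pillow": "10.0.0"}),      # after pip install Pillow==10.0.0
        "old_installed": triage(root, {"Pillow": "8.3.1"}),  # the case that would be real exposure
    }


if __name__ == "__main__":
    for scenario, findings in demo().items():
        for f in findings:
            print(f"{scenario}: {f['file']} pins {f['package']}=={f['pinned']} "
                  f"(installed: {f['installed']}) -> {f['status']}")
```

Run inside the container with `triage("/", installed_packages())` to get the same classification for the real filesystem. A "manifest-only" result is the situation in this issue: the finding is worth keeping as evidence for the vendor, but nothing on the image can import the flagged version. Note that the file only becomes a real risk if something later runs `pip install -r` against it, which is why removing or updating the stale manifest, not just installing a newer Pillow, is what makes the finding go away.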