uselagoon / lagoon

Lagoon, the developer-focused application delivery platform
https://docs.lagoon.sh/
Apache License 2.0

chore: update go version and dependency bumps for services #3573

Closed shreddedbacon closed 10 months ago

shreddedbacon commented 10 months ago

Update go version and dependencies for backup-handler, logs2notifications, and workflows

tobybellwood commented 10 months ago

Use of golang 1.21.3 to build instead of 1.19.6 shows a significant reduction in CVEs

actions-handler

  ## Overview

                      │               Analyzed Image               │              Comparison Image               
  ────────────────────┼────────────────────────────────────────────┼─────────────────────────────────────────────
    Target            │  testlagoon/actions-handler:pr-3573        │  uselagoon/actions-handler:v2.16.0          
      digest          │  4d8ef92d6508                              │  bcf0baef4b29                               
      platform        │ linux/amd64                                │ linux/amd64                                 
      provenance      │ https://github.com/uselagoon/lagoon.git    │ https://github.com/uselagoon/lagoon.git     
                      │  2e665bb0c5b4efa3655b749b0df75a5c517bc502  │  083aa40a8704b327c4cb7ba92cf83ad6a211aaf2   
      vulnerabilities │    5C    42H    16M     1L     2?          │    7C    53H    21M     1L     3?           
                      │    -2    -11     -5            -1          │                                             
      size            │ 18 MB (-912 kB)                            │ 19 MB                                       
      packages        │ 67                                         │ 67                                          
                      │                                            │                                             
    Base image        │  alpine:3                                  │  alpine:3                                   
      tags            │ also known as                              │ also known as                               
                      │   • 3.18                                   │   • 3.18                                    
                      │   • 3.18.4                                 │   • 3.18.4                                  
                      │   • latest                                 │   • latest                                  
      vulnerabilities │    0C     0H     0M     0L                 │    0C     0H     0M     0L     

backup-handler

  ## Overview

                      │               Analyzed Image               │              Comparison Image               
  ────────────────────┼────────────────────────────────────────────┼─────────────────────────────────────────────
    Target            │  testlagoon/backup-handler:pr-3573         │  uselagoon/backup-handler:v2.16.0           
      digest          │  2916e3291087                              │  0c673bee2bf6                               
      platform        │ linux/amd64                                │ linux/amd64                                 
      provenance      │ https://github.com/uselagoon/lagoon.git    │ https://github.com/uselagoon/lagoon.git     
                      │  2e665bb0c5b4efa3655b749b0df75a5c517bc502  │  083aa40a8704b327c4cb7ba92cf83ad6a211aaf2   
      vulnerabilities │    5C    42H    16M     1L     2?          │    7C    53H    21M     1L     3?           
                      │    -2    -11     -5            -1          │                                             
      size            │ 16 MB (+409 kB)                            │ 16 MB                                       
      packages        │ 62                                         │ 62                                          
                      │                                            │                                             
    Base image        │  alpine:3                                  │  alpine:3                                   
      tags            │ also known as                              │ also known as                               
                      │   • 3.18                                   │   • 3.18                                    
                      │   • 3.18.4                                 │   • 3.18.4                                  
                      │   • latest                                 │   • latest                                  
      vulnerabilities │    0C     0H     0M     0L                 │    0C     0H     0M     0L  

logs2notifications

  ## Overview

                      │               Analyzed Image               │              Comparison Image               
  ────────────────────┼────────────────────────────────────────────┼─────────────────────────────────────────────
    Target            │  testlagoon/logs2notifications:pr-3573     │  uselagoon/logs2notifications:v2.16.0       
      digest          │  de5b73a84289                              │  b39b20fda520                               
      platform        │ linux/amd64                                │ linux/amd64                                 
      provenance      │ https://github.com/uselagoon/lagoon.git    │ https://github.com/uselagoon/lagoon.git     
                      │  2e665bb0c5b4efa3655b749b0df75a5c517bc502  │  083aa40a8704b327c4cb7ba92cf83ad6a211aaf2   
      vulnerabilities │    5C    42H    17M     2L     2?          │    7C    53H    22M     2L     3?           
                      │    -2    -11     -5            -1          │                                             
      size            │ 19 MB (+588 kB)                            │ 18 MB                                       
      packages        │ 68                                         │ 68                                          
                      │                                            │                                             
    Base image        │  alpine:3                                  │  alpine:3                                   
      tags            │ also known as                              │ also known as                               
                      │   • 3.18                                   │   • 3.18                                    
                      │   • 3.18.4                                 │   • 3.18.4                                  
                      │   • latest                                 │   • latest                                  
      vulnerabilities │    0C     0H     0M     0L                 │    0C     0H     0M     0L  

workflows

  ## Overview

                      │               Analyzed Image               │              Comparison Image               
  ────────────────────┼────────────────────────────────────────────┼─────────────────────────────────────────────
    Target            │  testlagoon/workflows:pr-3573              │  uselagoon/workflows:v2.16.0                
      digest          │  a86fce0ce7fd                              │  d3ccfd33c7ba                               
      platform        │ linux/amd64                                │ linux/amd64                                 
      provenance      │ https://github.com/uselagoon/lagoon.git    │ https://github.com/uselagoon/lagoon.git     
                      │  2e665bb0c5b4efa3655b749b0df75a5c517bc502  │  083aa40a8704b327c4cb7ba92cf83ad6a211aaf2   
      vulnerabilities │    5C    42H    16M     1L     2?          │    7C    53H    21M     1L     3?           
                      │    -2    -11     -5            -1          │                                             
      size            │ 16 MB (+427 kB)                            │ 16 MB                                       
      packages        │ 63                                         │ 63                                          
                      │                                            │                                             
    Base image        │  alpine:3                                  │  alpine:3                                   
      tags            │ also known as                              │ also known as                               
                      │   • 3.18                                   │   • 3.18                                    
                      │   • 3.18.4                                 │   • 3.18.4                                  
                      │   • latest                                 │   • latest                                  
      vulnerabilities │    0C     0H     0M     0L                 │    0C     0H     0M     0L

tobybellwood commented 9 months ago

sample after more upstream updates:

  ## Overview

                      │               Analyzed Image               │              Comparison Image               
  ────────────────────┼────────────────────────────────────────────┼─────────────────────────────────────────────
    Target            │  testlagoon/actions-handler:main           │  uselagoon/actions-handler:v2.16.0          
      digest          │  bb507dfc6719                              │  4ea36546b6ec                               
      platform        │ linux/amd64                                │ linux/amd64                                 
      provenance      │ https://github.com/uselagoon/lagoon.git    │ https://github.com/uselagoon/lagoon.git     
                      │  9e96d2fc45859dcfbde18a7183d9ac94f122bac0  │  083aa40a8704b327c4cb7ba92cf83ad6a211aaf2   
      vulnerabilities │    0C     3H     0M     0L     2?          │    7C    58H    21M     1L     6?           
                      │    -7    -55    -21     -1     -4          │                                             
      size            │ 18 MB (+789 kB)                            │ 17 MB                                       
      packages        │ 63 (-4)                                    │ 67                                          
                      │                                            │                                             
    Base image        │  alpine:3                                  │  alpine:3                                   
      tags            │ also known as                              │ also known as                               
                      │   • 3.18                                   │   • 3.18                                    
                      │   • 3.18.4                                 │   • 3.18.4                                  
                      │   • latest                                 │   • latest                                  
      vulnerabilities │    0C     2H     0M     0L                 │    0C     2H     0M     0L