chore: fix critical CVEs in the dev container Docker image (SMR-1) #2980

@tschaffter tschaffter commented Jan 27, 2025

Contributes to https://sagebionetworks.jira.com/browse/SMR-1

Preview

Build the dev container Docker image locally.

devcontainer build --workspace-folder .github --image-name ghcr.io/sage-bionetworks/sage-monorepo-devcontainer:local

Scan the image for CVEs.

$ trivy image --severity CRITICAL ghcr.io/sage-bionetworks/sage-monorepo-devcontainer:local
2025-01-27T21:44:23Z    INFO    [vuln] Vulnerability scanning is enabled
2025-01-27T21:44:23Z    INFO    [secret] Secret scanning is enabled
2025-01-27T21:44:23Z    INFO    [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-27T21:44:23Z    INFO    [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2025-01-27T21:45:28Z    INFO    Detected OS     family="ubuntu" version="24.04"
2025-01-27T21:45:28Z    INFO    [ubuntu] Detecting vulnerabilities...   os_version="24.04" pkg_num=541
2025-01-27T21:45:28Z    INFO    Number of language-specific files       num=40
2025-01-27T21:45:28Z    INFO    [gobinary] Detecting vulnerabilities...
2025-01-27T21:45:29Z    INFO    [python-pkg] Detecting vulnerabilities...
2025-01-27T21:45:29Z    INFO    [node-pkg] Detecting vulnerabilities...
2025-01-27T21:45:29Z    INFO    [jar] Detecting vulnerabilities...

ghcr.io/sage-bionetworks/sage-monorepo-devcontainer:local (ubuntu 24.04)

Total: 0 (CRITICAL: 0)

@tschaffter tschaffter self-assigned this Jan 27, 2025
@tschaffter tschaffter changed the title chore: fix critical CVEs in the dev container Docker image chore: fix critical CVEs in the dev container Docker image (SMR-1) Jan 27, 2025
@tschaffter tschaffter marked this pull request as ready for review January 27, 2025 22:02
@tschaffter tschaffter merged commit c7e2cdb into Sage-Bionetworks:main Jan 27, 2025
17 of 18 checks passed
@tschaffter tschaffter deleted the monorepo/fix-dev-container-critical branch January 27, 2025 22:02
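
An added example, not part of this pull request or the Sage monorepo: a shell gate that reads a Trivy table report like the scan output above and fails when any per-target `Total:` line reports CRITICAL findings, or when no summary line is present at all. The function names and the second sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate on the summary lines of `trivy image --severity CRITICAL`.

# Sum the CRITICAL counts of every "Total: N (CRITICAL: N)" line on stdin.
# The table report prints one such line per target section, so all of them
# are counted. Prints "none" when no summary line was seen.
critical_count() {
  awk '
    /^Total: [0-9]+ \(/ && match($0, /CRITICAL: [0-9]+/) {
      sum += substr($0, RSTART + 10, RLENGTH - 10); seen = 1
    }
    END { if (seen) print sum + 0; else print "none" }
  '
}

# Return 0 only for a report that was parsed and shows zero criticals.
# An empty or truncated report (failed scan) is rejected, not passed.
gate_report() {
  n=$(critical_count)
  case "$n" in
    none) echo "no Trivy summary line found; treating as failure" >&2; return 2 ;;
    0)    echo "critical findings: 0"; return 0 ;;
    *)    echo "critical findings: $n" >&2; return 1 ;;
  esac
}

# Report tail as shown in the pull request description.
sample_clean() {
  cat <<'EOF'
ghcr.io/sage-bionetworks/sage-monorepo-devcontainer:local (ubuntu 24.04)

Total: 0 (CRITICAL: 0)
EOF
}

# Constructed report with two target sections (names are placeholders).
sample_findings() {
  cat <<'EOF'
example.invalid/devcontainer:local (ubuntu 24.04)

Total: 1 (CRITICAL: 1)

usr/local/bin/example-tool (gobinary)

Total: 2 (CRITICAL: 2)
EOF
}

sample_clean | gate_report
sample_findings | gate_report || echo "gate rejected the constructed report"
```

In a pipeline the report would come from `trivy image --severity CRITICAL <image> | gate_report`; Trivy's own `--exit-code 1` flag gives a non-zero exit on findings without parsing the table.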