alpine image security updates/upgrades

Hi,

we started to store images in Harbor in our company internally (because k8s clusters do not have external network access). And one of Harbor's functionalities is that it scans for vulnerabilities. In the case of the apicurio-registry-kafkasql 2.0.1.Final docker image it means this: [image]

All vulnerabilities are fixed in further updates of the Alpine distro, but the image used for apicurio-registry images seems to have been discontinued for a few months.

So I wanted to ask a few questions about it:

  • Is there a high chance that we can break something running apk upgrade in the image? I mean, do you preserve this specific image for a specific reason?
  • Is there a chance that you can add apk upgrade to the image packaging process?

Thank you, Peter

Issue Analytics

  • State: closed
  • Created: 2 years ago
  • Comments: 5 (3 by maintainers)

Top GitHub Comments

1 reaction
petolexa commented, Jun 30, 2021

Hi @riprasad, it seems that the image for 2.0.1.Final on dockerhub is still on alpine - even though I see an update from yesterday; if I run the image, I see:

/ # cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.11.6
PRETTY_NAME="Alpine Linux v3.11"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"

The size corresponds to alpine as well (approx. 160MB compared to UBI with approx. 250MB).

So I tried latest-snapshot image and it shows RedHat:

[jboss@cf7d3b301646 ~]$ cat /etc/os-release
VERSION="8.4 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.4"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.4 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8.4:GA"

I pushed this latest snapshot to our Harbor and it has 0 critical and only 6 High severity issues (compared to 1+23 in that older Alpine): [image]

From my point of view, it is good 😃 At least in the latest-snapshot. For 2.0.1.Final we are okay with the older Alpine, as we know that the image for the next versions will be more secure.

Thank you for your time, Peter
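The two questions in the issue (whether to add an upgrade step to the image packaging process) and the os-release check in the comment above can be combined into one small build-time helper. The script below is an added example written for this page, not code from the apicurio-registry project or from the issue participants: it reads the `ID=` and `VERSION_ID=` fields of an os-release file and emits the package-upgrade command a Dockerfile `RUN` line would carry for that base image. The os-release contents are constructed from the values quoted in the comment; the `dnf` command for the RHEL/UBI case is an assumption (the thread does not say which UBI variant is used; `ubi-minimal` ships `microdnf` instead).

```shell
#!/bin/sh
# Added example (not from the issue thread): pick the package-upgrade step
# for an image build from the base image's /etc/os-release.

# Print the ID= value of an os-release file, surrounding quotes stripped.
os_release_id() {
    sed -n 's/^ID=//p' "$1" | tr -d '"'
}

# Print the VERSION_ID= value of an os-release file, quotes stripped.
os_release_version() {
    sed -n 's/^VERSION_ID=//p' "$1" | tr -d '"'
}

# Map a distro ID to the upgrade command a Dockerfile RUN line would carry.
# The rhel/ubi command assumes the dnf-based UBI variant (assumption, not
# stated in the thread); ubi-minimal would need microdnf instead.
upgrade_command_for() {
    case "$1" in
        alpine)    echo 'apk upgrade --no-cache' ;;
        rhel|ubi*) echo 'dnf -y upgrade && dnf clean all' ;;
        *)         echo "unsupported base image id: $1" >&2; return 1 ;;
    esac
}

# Constructed sample files mirroring the two outputs quoted in the comment.
make_samples() {
    ALPINE_RELEASE=$(mktemp)
    RHEL_RELEASE=$(mktemp)
    cat > "$ALPINE_RELEASE" <<'EOF'
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.11.6
PRETTY_NAME="Alpine Linux v3.11"
EOF
    cat > "$RHEL_RELEASE" <<'EOF'
VERSION="8.4 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.4"
PRETTY_NAME="Red Hat Enterprise Linux 8.4 (Ootpa)"
EOF
}

# Report base OS, version and the RUN step for one os-release file.
report() {
    id=$(os_release_id "$1")
    ver=$(os_release_version "$1")
    printf '%s %s -> RUN %s\n' "$id" "$ver" "$(upgrade_command_for "$id")"
}

make_samples
trap 'rm -f "$ALPINE_RELEASE" "$RHEL_RELEASE"' EXIT
report "$ALPINE_RELEASE"   # alpine 3.11.6 -> RUN apk upgrade --no-cache
report "$RHEL_RELEASE"     # rhel 8.4 -> RUN dnf -y upgrade && dnf clean all
```

In a real build the `report` call would be replaced by running the emitted command inside the image (or by a CI check that fails when the Dockerfile lacks it), so that a rescan in Harbor reflects the current distro packages rather than the ones frozen into the base image.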

1 reaction
riprasad commented, Jun 29, 2021

@petolexa We have upgraded the images for 2.0.1.Final. Could you store the latest image in Harbor and check the vulnerability severity? I would be particularly interested in knowing what Harbor has to report for these new images.
