fix(dockerfile): reduce attack surface #14

Merged

@georgettica georgettica commented Dec 23, 2021

a scan was conducted that showed vulns in the resulting container
as I tested this locally
```
$ docker build -t test .
$ docker run --rm -it test
REDACTED_DATE one of --file or --url is required
```

and it seems the container works correctly, I suggest we use this
hardened tag

further tests can come and I'll test them as well
@squat squat left a comment

Sounds great to me

@squat squat merged commit cbe9f67 into observatorium:master Dec 23, 2021
squat commented Dec 23, 2021

Thanks @georgettica :)

@georgettica georgettica deleted the georgettica/reduce-attack-surface branch December 23, 2021 10:07
georgettica added a commit to georgettica/token-refresher that referenced this pull request Jan 9, 2022
the previous solution was ok, but the current one is more compatible
with the security team

- bump golang to latest (1.17)
- fix security vuln found with 'trivy image scan'
- use ubi-micro to allow code-scanning using 'clair'
- did a 'go mod vendor && go mod tidy'

related to observatorium#14
georgettica added a commit to georgettica/token-refresher that referenced this pull request Jan 24, 2022
the previous solution was ok, but the current one is more compatible
with the security team

- bump golang to latest (1.17)
- fix security vuln found with 'trivy image scan'
- use ubi-micro to allow code-scanning using 'clair'
- did a 'go mod vendor && go mod tidy'
- gofmt a file using 'gofmt -w <filename>'

related to observatorium#14