You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What you expected to happen:
Since, maintenance of a tested version of Chaos Runner Docker container image in a user specific, private container registry is a best practice in a production grade container deployment (instead of using the publicly available version from a public image registry), it would be ideal to provide the users with an image which is vulnerability free, as much as possible.
Appreciate if you could look into the detected vulnerabilities. If LitmusChaos uses a different, image scan tool, would appreciate details about its vulnerability check.
How to reproduce it (as minimally and precisely as possible):
Using Trivy Docker image scan tool.
The text was updated successfully, but these errors were encountered:
Thanks for opening the issue . We are in the process of hardening the images - with mitigation for at least severity high CVEs as much as possible. Eta will be updated here (expected to take some time due to test efforts involved)
Is this a BUG REPORT or FEATURE REQUEST?
It is a BUG REPORT.
Choose one: BUG REPORT or FEATURE REQUEST
What happened:
Experienced the following Docker container image vulnerability scan report using Trivy Docker image scan tool.
What you expected to happen:
Since, maintenance of a tested version of Chaos Runner Docker container image in a user specific, private container registry is a best practice in a production grade container deployment (instead of using the publicly available version from a public image registry), it would be ideal to provide the users with an image which is vulnerability free, as much as possible.
Appreciate if you could look into the detected vulnerabilities. If LitmusChaos uses a different, image scan tool, would appreciate details about its vulnerability check.
How to reproduce it (as minimally and precisely as possible):
Using Trivy Docker image scan tool.
The text was updated successfully, but these errors were encountered: