Addressing vulnerability issues in Docker images #939

Merged
merged 3 commits into from
Oct 6, 2023

MukuFlash03
Contributor

Fixing CRITICAL and HIGH severity issues detected by AWS Inspector in the Docker images in AWS ECR.

  • First off, picking up the certifi package dependency issue.
  • Upgrading to a newer version of miniconda which contains the recommended fixed version of certifi.
  • Additionally, corrected the curl URL to update the version suffix based on the required miniconda version to be installed.

Working on more vulnerability issues...

Mahadik, Mukul Chandrakant added 3 commits October 3, 2023 15:49
- Fixing CRITICAL and HIGH severity issues detected by AWS Inspector in the Docker images in AWS ECR.
- First off, picking up the certifi package dependency issue.
- Upgrading to a newer version of miniconda which contains the recommended fixed version of certifi.
- Additionally, corrected the curl URL to update the version suffix based on the required miniconda version to be installed.
…riable

- Added EXP_CONDA_VER_SUFFIX environment variable so that it can be updated just in setup/export_versions.sh as per need.
- Manually upgrading cryptography in .docker/setup_config.sh to the recommended version.
- The latest miniconda package contains cryptography version 39.0.1 while latest available cryptography version recommended for fixing vulnerability is 41.0.4.
- Hence, based on comments in this file, manually upgrading to latest version.
- v39.0.1 of cryptography comes with the miniconda-23.5.2 version.
- However, for vulnerability fixing, cryptography had to be manually upgraded to v41.0.4.
- This leaves v39.0.1 unused as a newer version is available; hence removing it.
@shankari shankari merged commit ff8dc5b into e-mission:master Oct 6, 2023
5 checks passed
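
An added example, not code from this pull request or the project: a build-time check that lists any on-disk copy of a package older than the fixed version, which is the state the last commit cleans up (cryptography 39.0.1 left behind after the manual upgrade to 41.0.4). The function names, the sample build strings and the assumed directory layout (conda's `pkgs/<name>-<version>-<build>` cache and pip-style `.dist-info` directories) are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the project's code. Finds on-disk copies of a package that
# are older than the fixed version, such as a conda cache entry left behind
# after a manual upgrade.
# Assumed layout: <prefix>/pkgs/<name>-<version>-<build>/ (conda package cache)
# and <prefix>/lib/python*/site-packages/<name>-<version>.dist-info/.

# version_lt A B: true when A is strictly older than B (needs sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# stale_copies PREFIX NAME FLOOR: print each directory holding NAME below FLOOR.
stale_copies() (
    prefix=$1 name=$2 floor=$3
    for dir in "$prefix"/pkgs/"$name"-[0-9]*/ \
               "$prefix"/lib/python*/site-packages/"$name"-[0-9]*.dist-info/; do
        [ -d "$dir" ] || continue            # unmatched glob stays literal
        base=$(basename "$dir")
        ver=${base#"$name"-}                 # drop "<name>-"
        ver=${ver%.dist-info}                # drop pip metadata suffix
        ver=${ver%%-*}                       # drop conda build string
        if version_lt "$ver" "$floor"; then printf '%s\n' "${dir%/}"; fi
    done
)

# make_sample_tree DIR: constructed layout mirroring the situation in this PR
# (39.0.1 from the installer still cached, 41.0.4 installed). Build strings
# are made up.
make_sample_tree() {
    mkdir -p "$1/pkgs/cryptography-39.0.1-py39_0" \
             "$1/pkgs/cryptography-41.0.4-py39_0" \
             "$1/pkgs/cryptography-vectors-39.0.1-py39_0" \
             "$1/lib/python3.9/site-packages/cryptography-41.0.4.dist-info"
}

sample=$(mktemp -d)
make_sample_tree "$sample"
echo "copies of cryptography older than 41.0.4:"
stale_copies "$sample" cryptography 41.0.4
rm -rf "$sample"
```

In an image build, a non-empty result from `stale_copies` can be turned into a failing exit status so the stale copy is caught before the image is pushed and scanned.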