Docker image gcr.io/ml-pipeline/api-server:0.1.16 has many security issues #1545

Closed
JavaDerek opened this issue Jun 24, 2019 · 4 comments · Fixed by #1699
@JavaDerek

Security scanning of the latest api-server Docker image in the repo indicates the following CVEs:

CVE-2017-14062
CVE-2017-8804
CVE-2018-6485
CVE-2018-6551
CVE-2018-1000001
CVE-2019-9169
CVE-2017-12424
CVE-2018-15686
CVE-2016-2779
CVE-2018-12886

@Ark-kun
Contributor

Ark-kun commented Jun 25, 2019

This version is pretty old. Can you please try upgrading?

@IronPan
Member

IronPan commented Jul 3, 2019

@JavaDerek
Could you share more details about the scanning process so I can reproduce the result?

@jlewi
Contributor

jlewi commented Jul 9, 2019

@IronPan this might be a good place for us to start
https://cloud.google.com/container-registry/docs/get-image-vulnerabilities

@JavaDerek
Author

@IronPan I can't comment on what we do, but I've been able to verify that Clair (https://github.com/coreos/clair) would give you the above findings. Also, @Ark-kun - upgrading produced a different, smaller list of vulnerabilities, but unfortunately still vulnerabilities.

Ark-kun added a commit to Ark-kun/pipelines that referenced this issue Jul 29, 2019
This reduces the image size, reduces the attack surface and avoids security vulnerabilities.
Fixes kubeflow#1545
@Ark-kun Ark-kun self-assigned this Jul 29, 2019
k8s-ci-robot pushed a commit that referenced this issue Aug 2, 2019
* Backend - Starting the container build from scratch
This reduces the image size, reduces the attack surface and avoids security vulnerabilities.
Fixes #1545

* Starting building other controller images from scratch
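
The "build from scratch" approach named in the commit message above, sketched as a multi-stage Dockerfile. This is an added example, not part of the thread and not the project's own Dockerfile; it assumes a Go service, and the builder tag, source path `./cmd/apiserver`, binary name and UID are hypothetical.

```dockerfile
# Stage 1: full toolchain image, used only to compile. Nothing from this
# stage ships unless it is explicitly copied into the final stage.
FROM golang:1.22 AS builder
WORKDIR /src

# Resolve dependencies first so this layer is cached between source changes.
COPY go.mod go.sum ./
RUN go mod download

COPY . .
# CGO_ENABLED=0 produces a statically linked binary with no libc dependency,
# which is required because the scratch stage contains no shared libraries.
RUN CGO_ENABLED=0 GOOS=linux \
    go build -trimpath -ldflags="-s -w" -o /out/apiserver ./cmd/apiserver

# Stage 2: empty base image. No shell, no package manager, no OS packages,
# so a scanner that matches installed OS packages has nothing to report here.
FROM scratch

# scratch has no CA bundle; outbound TLS fails without one.
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /out/apiserver /bin/apiserver

# Numeric UID/GID because scratch has no /etc/passwd to resolve names.
USER 65532:65532
ENTRYPOINT ["/bin/apiserver"]
```

An image built this way has no OS package database, so base-layer package findings disappear from the scan. Vulnerabilities in the Go modules compiled into the binary are still present and need a scanner that inspects the binary or `go.sum`.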