Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update container image to address vulnerabilities #128

Open
ian-noaa opened this issue Jul 6, 2023 · 0 comments
Open

Update container image to address vulnerabilities #128

ian-noaa opened this issue Jul 6, 2023 · 0 comments
Assignees
@ian-noaa
Labels
component: build process Build process issue component: CI/CD Continuous integration and deployment issues type: enhancement Improve something that it is currently doing

Comments

@ian-noaa
Copy link
Collaborator

ian-noaa commented Jul 6, 2023

GSL's Sysdig scanner noticed a few issues with the Debian-provided versions of pip, wheel, setuptools, and numpy that are included with the image. Make sure we update those and switch to installing our Python application dependencies with pip instead of apt.

We originally installed our Python dependencies with apk instead of pip as that was easier in Alpine Linux's musl-based environment. However, we're now on a Debian-based image so pip-based installs should be very well supported.
@ian-noaa ian-noaa added component: build process Build process issue component: CI/CD Continuous integration and deployment issues type: enhancement Improve something that it is currently doing labels Jul 6, 2023
@ian-noaa ian-noaa self-assigned this Jul 6, 2023
@ian-noaa ian-noaa changed the title Update Container Image to address vulnerabilities Update container image to address vulnerabilities Jul 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ian-noaa ian-noaa

Labels
component: build process Build process issue component: CI/CD Continuous integration and deployment issues type: enhancement Improve something that it is currently doing
Projects
None yet
Milestone
No milestone
Development

When branches are created from issues, their pull requests are automatically linked.

128-update-container-image-to-address-vulnerabilities dtcenter/METexpress
1 participant
@ian-noaa