Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Copa to patch all docker image vulnerabilities reported by Trivy #627

Closed
SaptarshiSarkar12 opened this issue Sep 5, 2024 · 1 comment · Fixed by #628
Closed

Add Copa to patch all docker image vulnerabilities reported by Trivy #627

SaptarshiSarkar12 opened this issue Sep 5, 2024 · 1 comment · Fixed by #628
Assignees
@SaptarshiSarkar12
Labels
CI/CD 🔁 Pull Requests which update GitHub Actions code docker 🐋 Issues/Pull Requests regarding docker feature ✨ New feature request or addition
Milestone
Drifty v2.1.0

Comments

@SaptarshiSarkar12
Copy link
Owner

Description

Trivy has detected many vulnerabilities for drifty-cli and drifty-gui docker images along with fixed versions for some. So, an automated fixing of those and any future vulnerabilities must be implemented. Copacetic has proven to be the right tool for auto-fixing those vulnerabilities. They also have created a GitHub Actions to automate the fix.

Additional information

For now, some vulnerabilities (might be false positive; not confirmed yet), copa fails to patch the update. Here are some links to issues regarding the same:

Those CVEs have FIPS packages as their fixed versions which might be a clue to the cause of failure of copa.

Do you want to work on this issue?

Yes
@SaptarshiSarkar12 SaptarshiSarkar12 added Other issue Issues other than feature/bug CI/CD 🔁 Pull Requests which update GitHub Actions code docker 🐋 Issues/Pull Requests regarding docker labels Sep 5, 2024
@github-project-automation github-project-automation bot moved this to Todo in Drifty Sep 5, 2024
@SaptarshiSarkar12 SaptarshiSarkar12 added this to the Drifty v2.1.0 milestone Sep 5, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 5, 2024

Hello 👋! Thank you very much for raising an issue 🙌! The maintainers will get back to you soon for discussion over the issue! 🚀

Meanwhile you can also discuss about the project in our Discord Server 😀

@SaptarshiSarkar12 SaptarshiSarkar12 self-assigned this Sep 5, 2024
@SaptarshiSarkar12 SaptarshiSarkar12 mentioned this issue Sep 5, 2024
Merged
5 tasks
@SaptarshiSarkar12 SaptarshiSarkar12 linked a pull request Sep 5, 2024 that will close this issue
feat: added copa to patch all docker image vulnerabilities reported by trivy #628
Merged
5 tasks
@SaptarshiSarkar12 SaptarshiSarkar12 added feature ✨ New feature request or addition and removed Other issue Issues other than feature/bug labels Sep 5, 2024
@SaptarshiSarkar12 SaptarshiSarkar12 moved this from Todo to In Progress in Drifty Sep 5, 2024
@github-project-automation github-project-automation bot moved this from In Progress to Done in Drifty Sep 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SaptarshiSarkar12 SaptarshiSarkar12

Labels
CI/CD 🔁 Pull Requests which update GitHub Actions code docker 🐋 Issues/Pull Requests regarding docker feature ✨ New feature request or addition
Projects
Drifty
Status: Done
Milestone
Drifty v2.1.0
1 participant
@SaptarshiSarkar12