Status: Closed

Labels: CI/CD 🔁 (Pull Requests which update GitHub Actions code), docker 🐋 (Issues/Pull Requests regarding docker), feature ✨ (New feature request or addition)

Description
Trivy has detected many vulnerabilities for the drifty-cli and drifty-gui docker images, along with fixed versions for some of them. So an automated fix for those and any future vulnerabilities must be implemented. Copacetic has proven to be the right tool for auto-fixing those vulnerabilities, and the project has also created a GitHub Action to automate the fix.
Additional information
For now, copa fails to patch the update for some vulnerabilities (which might be false positives; not confirmed yet). Here are some links to issues regarding the same:
- False Positives being reported from Trivy 0.24.2 - oraclelinux:8 image aquasecurity/trivy#1967
- [BUG] Copa fails to patch all fixed CVEs for Oracle Linux (9-slim) docker image project-copacetic/copacetic#762
Those CVEs have FIPS packages as their fixed versions, which might be a clue to the cause of copa's failure.
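The following is an added example, not code from the Drifty project, Trivy or Copacetic. It triages a Trivy JSON report before it is handed to copa, so a CI step can tell in advance which CVEs copa can patch, which have no fix at all, and which carry a FIPS-suffixed fixed version (the case the linked issues suspect copa fails on). It assumes Trivy's JSON layout (`Results[].Vulnerabilities[]` with `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion`, `Severity`, and `Class` of `os-pkgs` for OS packages); the report, package names and CVE ids below are constructed placeholders.

```python
"""Triage a Trivy JSON report before handing it to copa.

Added example (not Drifty's, Trivy's or Copacetic's code). Assumes the
Trivy JSON report layout and uses a constructed report; CVE ids, package
names and versions are placeholders.
"""
import json
import re
from collections import defaultdict

# Constructed sample report in Trivy's JSON layout (placeholder values).
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "drifty-cli:placeholder",
    "Results": [
        {
            "Target": "drifty-cli:placeholder (oracle 9.x)",
            "Class": "os-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl",
                 "InstalledVersion": "1:3.0.1-1", "FixedVersion": "1:3.0.7-2",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "gnutls",
                 "InstalledVersion": "3.7.6-1", "FixedVersion": "10:3.7.6-12.0.1_fips",
                 "Severity": "MEDIUM"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "glibc",
                 "InstalledVersion": "2.34-1", "Severity": "LOW"},
            ],
        }
    ],
})

# Heuristic for the clue in the issue: fixed versions that name a FIPS package.
FIPS_MARKER = re.compile(r"fips", re.IGNORECASE)


def triage_report(report_json):
    """Split a Trivy report into what copa can act on and what it cannot.

    Returns a dict with three lists of (CVE, package, fixed version):
      patchable - a fixed version exists and looks like a normal package
      fips      - a fixed version exists but carries a FIPS marker
      unfixed   - no fixed version; copa cannot patch these at all
    """
    report = json.loads(report_json)
    buckets = defaultdict(list)
    for result in report.get("Results", []):
        # copa patches OS package vulnerabilities only, not application deps.
        if result.get("Class") != "os-pkgs":
            continue
        for vuln in result.get("Vulnerabilities") or []:
            fixed = vuln.get("FixedVersion", "")
            entry = (vuln["VulnerabilityID"], vuln["PkgName"], fixed)
            if not fixed:
                buckets["unfixed"].append(entry)
            elif FIPS_MARKER.search(fixed):
                buckets["fips"].append(entry)
            else:
                buckets["patchable"].append(entry)
    return {k: buckets[k] for k in ("patchable", "fips", "unfixed")}


def expected_remaining_after_patch(report_json):
    """CVEs a CI gate should expect to still see after a copa run.

    Assumes the report given to copa was produced with Trivy's
    --ignore-unfixed, so unfixed CVEs are already out of scope and only the
    FIPS-suffixed ones are expected to remain unpatched.
    """
    return len(triage_report(report_json)["fips"])


if __name__ == "__main__":
    for bucket, items in triage_report(SAMPLE_REPORT).items():
        print(f"{bucket}:")
        for cve, pkg, fixed in items:
            print(f"  {cve} {pkg} -> {fixed or '(no fix)'}")
```

A CI job can run this over the real Trivy output and fail only when the post-patch scan reports more than `expected_remaining_after_patch` CVEs, so the known FIPS cases do not block every pipeline run while still being visible in the log.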
Do you want to work on this issue?
Yes
Status: Done