upgrade go and deps #282

Merged
merged 1 commit into from
Jan 9, 2025

@movence movence commented Jan 7, 2025

Issue #, if available:
Image scanner results: https://github.com/aws-observability/helm-charts/actions/runs/12633083327/job/35197988021

Description of changes:

  • Update go version used in build and by docker
  • Upgrade golang.org/x/net version

Scanning the built image with trivy and docker scout

> trivy image aws/cloudwatch-agent-operator:2.0.1
2025-01-07T11:16:20-05:00	INFO	[vuln] Vulnerability scanning is enabled
2025-01-07T11:16:20-05:00	INFO	[secret] Secret scanning is enabled
2025-01-07T11:16:20-05:00	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-07T11:16:20-05:00	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.58/docs/scanner/secret#recommendation for faster secret detection
2025-01-07T11:16:21-05:00	INFO	Detected OS	family="debian" version="12.8"
2025-01-07T11:16:21-05:00	INFO	[debian] Detecting vulnerabilities...	os_version="12" pkg_num=3
2025-01-07T11:16:21-05:00	INFO	Number of language-specific files	num=1
2025-01-07T11:16:21-05:00	INFO	[gobinary] Detecting vulnerabilities...

aws/cloudwatch-agent-operator:2.0.1 (debian 12.8)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

> docker scout cves local://aws/cloudwatch-agent-operator:2.0.1
    i New version 1.16.1 available (installed version is 1.14.0) at https://github.com/docker/scout-cli
          ✓ SBOM of image already cached, 151 packages indexed
    ✗ Detected 2 vulnerable packages with a total of 3 vulnerabilities


## Overview

                    │                Analyzed Image                  
────────────────────┼────────────────────────────────────────────────
  Target            │  local://aws/cloudwatch-agent-operator:2.0.1   
    digest          │  ef7974d05321                                  
    platform        │ linux/amd64                                    
    vulnerabilities │    0C     0H     2M     1L                     
    size            │ 50 MB                                          
    packages        │ 151                                            


## Packages and Vulnerabilities

   0C     0H     1M     1L  github.com/aws/aws-sdk-go 1.45.25
pkg:golang/github.com/aws/aws-sdk-go@1.45.25

    ✗ MEDIUM CVE-2020-8911
      https://scout.docker.com/v/CVE-2020-8911
      Affected range : >=0        
      Fixed version  : not fixed  
    
    ✗ LOW CVE-2020-8912
      https://scout.docker.com/v/CVE-2020-8912
      Affected range : >=0        
      Fixed version  : not fixed  
    

   0C     0H     1M     0L  github.com/go-resty/resty/v2 2.7.0
pkg:golang/github.com/go-resty/resty@2.7.0#v2

    ✗ MEDIUM CVE-2023-45286 [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]
      https://scout.docker.com/v/CVE-2023-45286
      Affected range : <=v2.10.0                                     
      Fixed version  : not fixed                                     
      CVSS Score     : 5.9                                           
      CVSS Vector    : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N  
    


3 vulnerabilities found in 2 packages
  LOW       1  
  MEDIUM    2  
  HIGH      0  
  CRITICAL  0  


What's next:
    View base image update recommendations → docker scout recommendations local://aws/cloudwatch-agent-operator:2.0.1

Package vulnerabilities with aws-sdk-go caught by scout don't affect the operator and are not major/high, and they should be addressed in a future release.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
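
Added example, not part of the PR or the project's code: a small Go parser for the `docker scout cves` text report shown above. It ties each CVE row to its package URL and checks the point the description makes, that nothing is rated HIGH or above. `Finding`, `ParseScout` and `AtOrAbove` are hypothetical names, and the sample rows are copied from the report above with blank lines dropped.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one CVE row from a `docker scout cves` text report.
type Finding struct{ Package, Severity, CVE string }

// sample: rows copied from the scout report in this PR (blank lines dropped).
const sample = `   0C     0H     1M     1L  github.com/aws/aws-sdk-go 1.45.25
pkg:golang/github.com/aws/aws-sdk-go@1.45.25
    ✗ MEDIUM CVE-2020-8911
    ✗ LOW CVE-2020-8912
   0C     0H     1M     0L  github.com/go-resty/resty/v2 2.7.0
pkg:golang/github.com/go-resty/resty@2.7.0#v2
    ✗ MEDIUM CVE-2023-45286 [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]`

var (
	purlRe = regexp.MustCompile(`^pkg:\S+$`)
	cveRe  = regexp.MustCompile(`^✗ (LOW|MEDIUM|HIGH|CRITICAL) (CVE-\d{4}-\d+)`)
	rank   = map[string]int{"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
)

// ParseScout attributes each CVE row to the package URL line preceding it.
// Summary rows (counts, "Detected ...") match neither pattern and are skipped.
func ParseScout(report string) (out []Finding) {
	pkg := ""
	for _, raw := range strings.Split(report, "\n") {
		line := strings.TrimSpace(raw)
		if purlRe.MatchString(line) {
			pkg = line
		} else if m := cveRe.FindStringSubmatch(line); m != nil {
			out = append(out, Finding{pkg, m[1], m[2]})
		}
	}
	return out
}

// AtOrAbove returns the findings whose severity is floor or higher.
func AtOrAbove(fs []Finding, floor string) (out []Finding) {
	for _, f := range fs {
		if rank[f.Severity] >= rank[floor] {
			out = append(out, f)
		}
	}
	return out
}

func main() { fmt.Println(len(ParseScout(sample)), len(AtOrAbove(ParseScout(sample), "HIGH"))) }
```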

@movence movence merged commit dbad550 into main Jan 9, 2025
9 checks passed
@movence movence deleted the upgrade-deps branch January 9, 2025 20:43