Update container image to address vulnerabilities #999

Closed
ian-noaa opened this issue Jul 6, 2023 · 0 comments · Fixed by #1000
Labels: build (Improvements or additions to the build process), CI/CD (Improvements or additions to the CI & deployment process), dependencies (Pull requests that update a dependency file), task (An actionable item of work)

ian-noaa commented Jul 6, 2023

GSL's Sysdig scanner noticed a few issues with the Debian-provided versions of pip, wheel, setuptools, and numpy that are included with the image. Make sure we update those and switch to installing our Python application dependencies with pip instead of apt.

We originally installed our Python dependencies with apk instead of pip as that was easier in Alpine Linux's musl-based environment. However, we're now on a Debian-based image so pip-based installs should be very well supported.

ian-noaa added the task, build, CI/CD and dependencies labels Jul 6, 2023
ian-noaa self-assigned this Jul 6, 2023
ian-noaa linked a pull request Jul 13, 2023 that will close this issue