zalando
/
postgres-operator
/
9567790807
/
1
45%
master: 45%
master: 45%
|
Ran
|
Files
73
|
Run time
2s
|
Badge
Embed ▾
README BADGES
|
coverage: 41.71%. Remained the same
push
github
web-flowchore: update package dependencies when building image (#2665) * chore: update package dependencies when building image Install available updates alongside installation of packages to remove known vulnerabilities from images. Example for issues in plain alpine:3 image (v3.20): ```sh $ grype alpine:3 ✔ Vulnerability DB [updated] ✔ Loaded image alpine:3 ✔ Parsed image sha256:1d34ffeaff ✔ Cataloged contents dac15f3259bda52fd ├── ✔ Packages [14 packages] ├── ✔ File digests [77 files] ├── ✔ File metadata [77 locations] └── ✔ Executables [17 executables] ✔ Scanned for vulnerabilities [8 vulnerability matches] ├── by severity: 0 critical, 0 high, 6 medium, 0 low, 0 negligible (2 unknown) └── by status: 8 fixed, 0 not-fixed, 0 ignored NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY busybox 1.36.1-r28 1.36.1-r29 apk CVE-2023-42365 Medium busybox 1.36.1-r28 1.36.1-r29 apk CVE-2023-42364 Medium busybox-binsh 1.36.1-r28 1.36.1-r29 apk CVE-2023-42365 Medium busybox-binsh 1.36.1-r28 1.36.1-r29 apk CVE-2023-42364 Medium libcrypto3 3.3.0-r2 3.3.0-r3 apk CVE-2024-4741 Unknown libssl3 3.3.0-r2 3.3.0-r3 apk CVE-2024-4741 Unknown ssl_client 1.36.1-r28 1.36.1-r29 apk CVE-2023-42365 Medium ssl_client 1.36.1-r28 1.36.1-r29 apk CVE-2023-42364 Medium ``` Issue would be solved by also upgrading installed packages: ```sh $ apk -U upgrade --no-cache fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/community/x86_64/APKINDEX.tar.gz (1/5) Upgrading busybox (1.36.1-r28 -> 1.36.1-r29) Ex... (continued)
6070 of 14553 relevant lines covered (41.71%)
22.87 hits per line
