-
Notifications
You must be signed in to change notification settings - Fork 154
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add kube-fluentd-operator #1086
add kube-fluentd-operator #1086
Conversation
23d3b9a
to
b4df38a
Compare
current CVE count
|
CVE analysis:
The grpc and redis CVEs are false positives and @luhring has had a fix merged in Syft to remove these anchore/syft#1926 OpenSSL related ones are also false positives and will not appear once another @luhring PR is released anchore/syft#1897 That leaves Last one Result will be near zero CVEs once the PRs above are released and advisory data to cover remaining ones. |
Signed-off-by: James Rawlings <jrawlings@chainguard.dev>
b4df38a
to
8fb93d7
Compare
Signed-off-by: James Rawlings <jrawlings@chainguard.dev>
01bf6be
to
87c72f7
Compare
OK think this is ready now @imjasonh |
… / flux-source-controller-0 / istio-pilot-discovery-fips-1.19 / spire-server-fips / vault-fips-1.14 (chainguard-images#1086) * mitigate GHSA-2c7c-3mj9-8fqh for cert-manager-fips-1.13 * mitigate GHSA-2c7c-3mj9-8fqh for cilium-fips * mitigate GHSA-2c7c-3mj9-8fqh for flux-source-controller-0 * mitigate GHSA-2c7c-3mj9-8fqh for istio-pilot-discovery-fips-1.19 * mitigate GHSA-2c7c-3mj9-8fqh for spire-server-fips * mitigate GHSA-2c7c-3mj9-8fqh for vault-fips-1.14 * spire-server-fips package bumpt to 1.8.5
Quality Requirements for Images PRs
The items in this checklist should all be checked in the PR with exceptions clearly documented.
The general idea is that to the extent possible, the image should be a drop-in replacement to its public counterpart.
For new image PRs only
If you have an apko.yaml file in this PR you need to follow this checklist, otherwise feel free to remove.
Include tests, sufficient enough that you would trust this image running in production.
Perform manual tests as needed and document your testing results
The version included is the latest GA version of the software
The latest tag points to the newest stable version
There is a dev tag available that includes a shell and apk tools (by depending on 'wolfi-base')
The image runs as
nonroot
and GID/UID are set to 65532 or upstream defaultThe image contains the ca-certs bundle if needed
ENTRYPOINT
CMD:
–help
Add annotations e.g:
docker kill $(docker run -d --rm cgr.dev/chainguard/nginx)
Documentation Requirements