HoustonPutman opened a new issue #294:
URL: https://github.com/apache/solr-operator/issues/294


   The security report for the Solr Operator Docker image on its [ArtifactHub 
page](https://artifacthub.io/packages/helm/apache-solr/solr-operator) is not 
very good. This is due mostly to the fact that the base image contains multiple 
known vulnerabilities.
   
   The current base image is `gcr.io/distroless/base:debug-nonroot`, and the 
vulnerabilities come from the fact that we are using the `base` image, not 
because it's a `debug` image. If we instead use 
`gcr.io/distroless/static:debug-nonroot`, these vulnerabilities go away.
   
   The base image isn't the whole story. Some of the GoLang libraries that the 
Solr Operator depends on contain vulnerabilities as well; however, removing 
those will require an upgrade of Kubernetes versions, which we cannot currently 
do. Solving the base-image is the first, and larger, step.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
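
A pre-flight check for the base-image switch proposed in the issue, as an added example that is not part of the issue or the Solr Operator code base: `gcr.io/distroless/static` ships no libc or dynamic loader, so a binary that requests one (an ELF `PT_INTERP` program header) will not start there. The function names are hypothetical, and the sample ELF images are constructed inline so the check runs without a real build.

```go
package main

import (
	"bytes"
	"debug/elf"
	"encoding/binary"
	"fmt"
	"os"
)

// needsDynamicLoader reports whether an ELF image carries a PT_INTERP header (asks for ld.so).
func needsDynamicLoader(image []byte) (bool, error) {
	f, err := elf.NewFile(bytes.NewReader(image))
	if err != nil {
		return false, fmt.Errorf("not a readable ELF image: %w", err)
	}
	for _, p := range f.Progs {
		if p.Type == elf.PT_INTERP {
			return true, nil
		}
	}
	return false, nil
}

// constructedELF builds a minimal ELF64 image (headers only): constructed input, not a real binary.
func constructedELF(withInterp bool) []byte {
	types := []elf.ProgType{elf.PT_LOAD}
	if withInterp {
		types = append(types, elf.PT_INTERP)
	}
	h := elf.Header64{Type: uint16(elf.ET_EXEC), Machine: uint16(elf.EM_X86_64), Version: 1,
		Phoff: 64, Ehsize: 64, Phentsize: 56, Phnum: uint16(len(types))}
	copy(h.Ident[:], "\x7fELF\x02\x01\x01") // magic, 64-bit class, little-endian, version 1
	var buf bytes.Buffer
	binary.Write(&buf, binary.LittleEndian, &h)
	for _, t := range types {
		binary.Write(&buf, binary.LittleEndian, &elf.Prog64{Type: uint32(t)})
	}
	return buf.Bytes()
}

func main() {
	image := constructedELF(true) // constructed sample unless a path is given
	if len(os.Args) > 1 {
		image, _ = os.ReadFile(os.Args[1]) // a read failure surfaces as a parse error below
	}
	dyn, err := needsDynamicLoader(image)
	fmt.Println("needs dynamic loader:", dyn, "error:", err)
}
```

Run it against the built operator binary before changing the base image; a `true` result means the build still links dynamically and needs `base` or a static rebuild.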


