Bug: A lot of CVEs in the devtron images (Fixable!)
#6311
Assignees
Labels
Comments
rirze
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
📜 Description
You check the full report here:
https://artifacthub.io/packages/helm/devtron/devtron-operator
There's an abnormal amount of fixabled CVEs in the docker images that I see here. I'm pretty sure running a package manager update would fix many of these issues.
The reason I bring this up is so I can showcase this application for my company project, but if they see the current security report, they will 100% deny its adoption. If a lot of these could be fixed, it would my case better.
👟 Reproduction steps
Go to https://artifacthub.io/packages/helm/devtron/devtron-operator
Then click on "Full Report":
👍 Expected behavior
It should not have so many vulnerabilities.
👎 Actual Behavior
It has a lot of vulnerabilities.
☸ Kubernetes version
Any.
Cloud provider
🌍 Browser
Chrome
🧱 Your Environment
No response
✅ Proposed Solution
Perform docker image OS updates and update service dependencies so that CVEs are mitigated.
👀 Have you spent some time to check if this issue has been raised before?
🏢 Have you read the Code of Conduct?
The text was updated successfully, but these errors were encountered: