# best-practices
t
Hi all, does anyone have much experience with hardening the Meltano Docker image (from a security perspective)? We've just had the results back of an image scan with lots of critical and high CVEs. It looks to me like a lot of them are for Linux libraries on the base image OS itself rather than within Meltano. In reality I am not concerned about any of the CVEs but I am anticipating the security team asking me to remediate the critical and highs... Any thoughts welcome. Thanks
w
Hi @tom_saunders. We do intend to address the critical (and ideally the high) CVEs. Here is the issue to track that: https://github.com/meltano/meltano/issues/6497 I don't know when this work will be done. Please feel free to give a 👍 to the issue and/or leave your thoughts/findings in a comment there.
s
But the Dockerfile is open, so you can build it yourself and fix a few of the issues if that’s a blocker for you right now.
t
Yeah - Just waiting to hear back from security to see if we need to remove the vulns. Thanks for the responses guys!