Great question! Quite a few years back now we had added image scanning to our pipelines. A lot of these tools picked up CVEs related to OS packages in the image, so stuff not directly related to Concourse (most of the time). Most of these were "fixed" by just re-building the image and pulling the latest packages ( That was the thought back then. Not sure if knowing about that makes it "safe" now. I always felt the practice was a bit overkill. I don't think anyone was really asking for this, but it was easy to do and we just did it at the time. Does this practice make any sense? All the resource-types do this too. Each one has a We should probably re-evaluate how the images are built at some point and trim them down. I think Rui did a bit of that for the resource-types, not sure if that work made its way into
Hello,
We have noticed that the Concourse 7.12.1 Docker image has been re-pushed every weekday at around 19:15 GMT since the 24 January. Each time the image has a different hash, and this has caused concern from a security perspective.
We were wondering whether this is intentional, and what the purpose of re-pushing the image is.
Any information on this would be really appreciated!