Perform scans on our Debian-based CNG containers
Summary
A customer raised a ticket after scanning the container image gitlab-org/build/cng/gitlab-webservice-ee: the scan reported a number of critical- and high-severity operating system (Debian package) vulnerabilities. They had scanned 13.6.3 shortly after 13.7.0 was released, so the image was broadly current.
Steps to reproduce
Run a container vulnerability scanner against one of our published CNG images (for example gitlab-org/build/cng/gitlab-webservice-ee at 13.6.3 or later) and review the findings reported against the Debian base layer.
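As an added worked example (not part of the original issue or of the CNG project's own tooling), the script below reads a scanner report and separates the Debian package findings that a base-image update can actually fix from those for which Debian has not yet shipped a fixed package. It assumes Trivy's JSON report layout (Results[].Vulnerabilities[] carrying VulnerabilityID, PkgName, InstalledVersion, FixedVersion and Severity); the embedded report is a constructed sample with placeholder IDs, and the severities that block the build are chosen here for illustration.

```python
import json
import sys
from collections import Counter

# The scan itself runs outside this script, for example:
#   trivy image --format json --output scan.json \
#       registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee:<tag>
# Assumption: the report follows Trivy's JSON layout, i.e. Results[] entries
# each with a Vulnerabilities[] list of VulnerabilityID, PkgName,
# InstalledVersion, FixedVersion and Severity.

# Constructed sample standing in for scan.json. The IDs are placeholders,
# not real CVEs; versions are illustrative.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee",
    "Results": [
        {
            "Target": "gitlab-webservice-ee (debian 10)",
            "Class": "os-pkgs",
            "Type": "debian",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "libc6",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-1+deb10u1",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "libssl1.1",
                 "InstalledVersion": "1.0-2", "FixedVersion": "1.0-2+deb10u1",
                 "Severity": "HIGH"},
                # No FixedVersion: Debian has not shipped a patched package yet,
                # so rebuilding on the newest base image cannot remove this one.
                {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "libgcrypt20",
                 "InstalledVersion": "1.0-3", "FixedVersion": "",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-EXAMPLE-0004", "PkgName": "perl-base",
                 "InstalledVersion": "1.0-4", "FixedVersion": "",
                 "Severity": "MEDIUM"},
            ],
        },
        {
            # Application-dependency findings are a different concern (they are
            # fixed in the GitLab code base, not the base image) and are skipped.
            "Target": "Gemfile.lock",
            "Class": "lang-pkgs",
            "Type": "bundler",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-EXAMPLE-0005", "PkgName": "rack",
                 "InstalledVersion": "2.0.0", "FixedVersion": "2.0.1",
                 "Severity": "HIGH"},
            ],
        },
    ],
})

# Severities that block a build when a fixed Debian package exists (a choice
# made for this example, not a CNG policy).
GATE_SEVERITIES = ("CRITICAL", "HIGH")


def os_findings(report_json):
    """Return only the operating-system (Debian package) findings."""
    report = json.loads(report_json)
    out = []
    for result in report.get("Results", []):
        if result.get("Class") == "os-pkgs" or result.get("Type") == "debian":
            out.extend(result.get("Vulnerabilities") or [])
    return out


def summarize(findings):
    """Count findings by (severity, fixable), where fixable means Debian
    already ships a FixedVersion."""
    counts = Counter()
    for v in findings:
        counts[(v["Severity"].upper(), bool(v.get("FixedVersion")))] += 1
    return dict(counts)


def gate(findings, severities=GATE_SEVERITIES):
    """Return (ok, fixable, unfixable) for the gated severities.

    ok is False only when a finding with a fixed package remains: those are
    resolved by rebuilding on an updated base image. Findings without a fix
    are reported so they can be tracked, but not blocked on."""
    gated = [v for v in findings if v["Severity"].upper() in severities]
    fixable = [v for v in gated if v.get("FixedVersion")]
    unfixable = [v for v in gated if not v.get("FixedVersion")]
    return (not fixable, fixable, unfixable)


if __name__ == "__main__":
    # Usage: python check_scan.py [scan.json]; without a path the sample is used.
    report = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    findings = os_findings(report)
    ok, fixable, unfixable = gate(findings)
    print(summarize(findings))
    for v in fixable:
        print(f"FIX  {v['VulnerabilityID']} {v['PkgName']} "
              f"{v['InstalledVersion']} -> {v['FixedVersion']}")
    for v in unfixable:
        print(f"WAIT {v['VulnerabilityID']} {v['PkgName']} "
              f"{v['InstalledVersion']} (no fixed Debian package yet)")
    sys.exit(0 if ok else 1)
```

The fixable/unfixable split is the part that matters for a base-image update policy: a rebuild on the current Debian base removes only the findings that already have a fixed package, so a timeframe commitment is meaningful for those and the rest need tracking until Debian publishes a fix.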
Current behavior
Security issues are found in the base image of our GitLab containers, and there is no defined timeframe for rebuilding on an updated base to resolve them.
Expected behavior
Security issues may still be found in the base images, but we have a clear policy and timeframe for updating the base image to address the ones Debian has fixed.
Versions
- CNG: 13.6.3+
Related issues
- #2573 (moved): specify the Debian container versions
- #2574 (moved): policy around base image versions