Base images not updated during image build for certain images

Hello,

I was looking over the CI & build scripts for this project to understand the base images in use, and I've noticed that for certain images we use registry.gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator/openshift4/ose-operator-registry:<arch> as a base image, as returned by config.py here when build.py is called here. I couldn't see where these base images are being updated though? It seems like we are not automatically updating them as part of the build to ensure we have the latest base images.

The main image I was looking at was registry.gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator/gitlab-runner-operator-catalog-source:amd64-v1.23.1 - however this may impact other images.

I've labelled this as bug::vulnerability as the end result here is that there are many vulnerabilities present in these images which have been addressed in the base image. It should be a quick fix, by making sure the base image is using the latest available image, assuming that image is regularly being refreshed from the latest Red Hat image.

Running the below two commands and comparing the results will demonstrate the issue:

  • grype registry.gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator/gitlab-runner-operator-catalog-source:amd64-v1.23.1
  • grype registry.gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator/openshift4/ose-operator-registry:amd64
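One way to compare the two scan results mechanically, as an added example that is not part of the original issue or the project's scripts. It assumes each scan was saved with grype's JSON output (`-o json`); the embedded reports, package names and CVE ids are constructed placeholders.

```python
import json
from collections import Counter

def _match(pkg, ver, vuln_id, sev):
    # Only the fields of a grype JSON match that this example reads.
    return {"artifact": {"name": pkg, "version": ver},
            "vulnerability": {"id": vuln_id, "severity": sev}}

# Constructed sample reports: BUILT stands in for the catalog-source image scan,
# BASE for the scan of the current ose-operator-registry base image.
BUILT = json.dumps({"matches": [
    _match("openssl-libs", "1.1.1k-6", "CVE-0000-0001", "High"),
    _match("glibc", "2.28-189", "CVE-0000-0002", "Medium"),
    _match("curl", "7.61.1-22", "CVE-0000-0003", "Low"),
]})
BASE = json.dumps({"matches": [
    _match("curl", "7.61.1-30", "CVE-0000-0003", "Low"),
]})

def findings(report_json):
    """Index a report as {(package, vuln id): (installed version, severity)}."""
    out = {}
    for m in json.loads(report_json).get("matches") or []:
        art, vuln = m["artifact"], m["vulnerability"]
        out[(art["name"], vuln["id"])] = (art["version"],
                                          vuln.get("severity", "Unknown"))
    return out

def compare(built_json, base_json):
    built, base = findings(built_json), findings(base_json)
    # Flagged in the built image but not in the current base: a rebuild on the
    # current base would clear these, unless the package comes from a layer the
    # build adds itself (the match list alone cannot tell the two apart).
    only_built = {k: v for k, v in built.items() if k not in base}
    # Flagged in both: refreshing the base image does not remove these.
    shared = {k: v for k, v in built.items() if k in base}
    by_severity = Counter(sev for _, sev in only_built.values())
    return only_built, shared, by_severity

if __name__ == "__main__":
    only_built, shared, by_severity = compare(BUILT, BASE)
    for (pkg, vuln_id), (ver, sev) in sorted(only_built.items()):
        print(f"{sev:8} {vuln_id} {pkg} {ver}  (not flagged in current base)")
    print("still flagged in base:", sorted(v for _, v in shared))
    print("stale-base candidates by severity:", dict(by_severity))
```

Findings are matched on package name and vulnerability id rather than version, so an entry still counts as shared when the base ships a newer build of the package that remains affected.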