Resolve CVE-2022-2097
What does this MR do and why?
Resolve CVE-2022-2097 by updating Alpine packages
Screenshots or screen recordings
Before:
$ docker scan registry.gitlab.com/prod-manager/prod-manager:latest
Testing registry.gitlab.com/prod-manager/prod-manager:latest...
✗ Low severity vulnerability found in openssl/libcrypto1.1
Description: CVE-2022-2097
Info: https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-2941806
Introduced through: openssl/libcrypto1.1@1.1.1o-r0, openssl/libssl1.1@1.1.1o-r0, .python-rundeps@20220607.192557, apk-tools/apk-tools@2.12.9-r3, busybox/ssl_client@1.35.0-r13, ca-certificates/ca-certificates@20211220-r0, krb5-conf/krb5-conf@1.0-r2
From: openssl/libcrypto1.1@1.1.1o-r0
From: openssl/libssl1.1@1.1.1o-r0 > openssl/libcrypto1.1@1.1.1o-r0
From: .python-rundeps@20220607.192557 > openssl/libcrypto1.1@1.1.1o-r0
and 9 more...
Image layer: 'apk add --update --no-cache make ca-certificates'
Fixed in: 1.1.1q-r0
Package manager: apk
Project name: docker-image|registry.gitlab.com/prod-manager/prod-manager
Docker image: registry.gitlab.com/prod-manager/prod-manager:latest
Platform: linux/amd64
Base image: python:3.10.5-alpine3.16
Tested 38 dependencies for known vulnerabilities, found 1 vulnerability.
According to our scan, you are currently using the most secure version of the selected base image
For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp
After:
$ docker scan prod-manager:be77b7a377f0d3c9fcb092298550bb0337fa0a9e
Testing prod-manager:be77b7a377f0d3c9fcb092298550bb0337fa0a9e...
Package manager: apk
Project name: docker-image|prod-manager
Docker image: prod-manager:be77b7a377f0d3c9fcb092298550bb0337fa0a9e
Platform: linux/amd64
Base image: python:3.10.5-alpine3.16
✔ Tested 38 dependencies for known vulnerabilities, no vulnerable paths found.
According to our scan, you are currently using the most secure version of the selected base image
For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp
MR acceptance checklist
- My code follows the style guidelines of this project
- I ran pylint and other linters for modified files
- I have performed a self-review of my own code and tested it
- I have commented my code, particularly in hard-to-understand areas
- My changes generate no new warnings
- My code needed automated testing. I have added them (this is an optional task)
- I have added a user-readable comment in the CHANGELOG
Closes #62 (closed)
Edited by Guillaume MARTINEZ