Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the side-cars to the latest to mitigate the CVEs #1246

Merged
merged 1 commit into from
Jan 19, 2024
Merged

Bump the side-cars to the latest to mitigate the CVEs #1246

merged 1 commit into from
Jan 19, 2024

Conversation

mskanth972
Copy link
Contributor

@mskanth972 mskanth972 commented Jan 19, 2024
edited
Loading

Is this a bug fix or adding new feature?

What is this PR about? / Why do we need it?
Bump the side-cars to the latest to mitigate the CVEs

What testing is done?

mskanth@bcd07411789d ~ % trivy image public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.11.0-eks-1-29-2
2024-01-18T20:17:43.560-0500	INFO	Vulnerability scanning is enabled
2024-01-18T20:17:43.560-0500	INFO	Secret scanning is enabled
2024-01-18T20:17:43.560-0500	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2024-01-18T20:17:43.560-0500	INFO	Please see also https://aquasecurity.github.io/trivy/v0.35/docs/secret/scanning/#recommendation for faster secret detection
2024-01-18T20:17:52.436-0500	INFO	Detected OS: amazon
2024-01-18T20:17:52.436-0500	INFO	Detecting Amazon Linux vulnerabilities...
2024-01-18T20:17:52.437-0500	INFO	Number of language-specific files: 1
2024-01-18T20:17:52.437-0500	INFO	Detecting gobinary vulnerabilities...

public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.11.0-eks-1-29-2 (amazon 2 (Karoo))

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

mskanth@bcd07411789d ~ % trivy image public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.9.3-eks-1-29-2
2024-01-18T20:26:46.164-0500	INFO	Vulnerability scanning is enabled
2024-01-18T20:26:46.164-0500	INFO	Secret scanning is enabled
2024-01-18T20:26:46.164-0500	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2024-01-18T20:26:46.164-0500	INFO	Please see also https://aquasecurity.github.io/trivy/v0.35/docs/secret/scanning/#recommendation for faster secret detection
2024-01-18T20:26:53.760-0500	INFO	Detected OS: amazon
2024-01-18T20:26:53.760-0500	INFO	Detecting Amazon Linux vulnerabilities...
2024-01-18T20:26:53.760-0500	INFO	Number of language-specific files: 1
2024-01-18T20:26:53.760-0500	INFO	Detecting gobinary vulnerabilities...

public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.9.3-eks-1-29-2 (amazon 2 (Karoo))

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

mskanth@bcd07411789d ~ % trivy image public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v3.6.3-eks-1-29-2 
2024-01-18T20:27:10.092-0500	INFO	Vulnerability scanning is enabled
2024-01-18T20:27:10.092-0500	INFO	Secret scanning is enabled
2024-01-18T20:27:10.092-0500	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2024-01-18T20:27:10.092-0500	INFO	Please see also https://aquasecurity.github.io/trivy/v0.35/docs/secret/scanning/#recommendation for faster secret detection
2024-01-18T20:27:33.932-0500	INFO	Detected OS: amazon
2024-01-18T20:27:33.932-0500	INFO	Detecting Amazon Linux vulnerabilities...
2024-01-18T20:27:33.932-0500	INFO	Number of language-specific files: 1
2024-01-18T20:27:33.932-0500	INFO	Detecting gobinary vulnerabilities...

public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v3.6.3-eks-1-29-2 (amazon 2 (Karoo))

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Tested both on the public registry and private registry images

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jan 19, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mskanth972

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jan 19, 2024
@mskanth972 mskanth972 mentioned this pull request Jan 19, 2024
Merged
@mskanth972 mskanth972 merged commit 8d55e36 into kubernetes-sigs:master Jan 19, 2024
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@d-nishi d-nishi Awaiting requested review from d-nishi

@seanzatzdev-amazon seanzatzdev-amazon Awaiting requested review from seanzatzdev-amazon

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mskanth972 @k8s-ci-robot