Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update example containers to fix security vulnerabilities #1154

Closed
roberthbailey opened this issue Oct 26, 2019 · 4 comments
Closed

Update example containers to fix security vulnerabilities #1154

roberthbailey opened this issue Oct 26, 2019 · 4 comments
Assignees
@aLekSer
Labels
area/security Issues pertaining to security good first issue These are great first issues. If you are looking for a place to start, start here! help wanted We would love help on these issues. Please come help us! kind/feature New features for Agones stale Pending closure unless there is a strong objection.
Milestone
1.27.0

Comments

@roberthbailey
Copy link
Member

While working on #1126 and verifying that the new images were successfully uploaded, I noticed that many of our images have vulnerabilities that are identified by Google's automated image analysis.

Most of the vulnerabilites are probably just because we are using older dependencies in the base image layers (e.g. linux distro with outdated glibc) and should be easy to fix by going through the Dockerfiles and updating them to pick up patches.
@roberthbailey roberthbailey added kind/feature New features for Agones help wanted We would love help on these issues. Please come help us! good first issue These are great first issues. If you are looking for a place to start, start here! area/security Issues pertaining to security labels Oct 26, 2019
@roberthbailey roberthbailey mentioned this issue Oct 26, 2019
Merged
@aLekSer
Copy link
Collaborator

aLekSer commented May 4, 2020
edited
Loading

Have enabled containers security analysis, now I am able to see them. Useful links to enable this feature:
https://cloud.google.com/container-registry/docs/enabling-disabling-container-analysis
https://cloud.google.com/container-registry/docs/get-image-vulnerabilities
Main 4 images agones-controller, agones-sdk, agones-ping and agones-allocator does not have any security vulnerabilities.
However build image has, most of them should be fixed by using buster Debian release instead of stretch.

@aLekSer aLekSer self-assigned this May 4, 2020
@aLekSer aLekSer mentioned this issue May 4, 2020
Merged
This was referenced Jun 3, 2020
Merged
Merged
@SaitejaTamma SaitejaTamma mentioned this issue Jun 2, 2022
Merged
@markmandel
Copy link
Member

Just looking through the examples - with the exclusion of the Unity sample (which requires a Unity licence to update, which requires so work to get 😄 ) everything else looks relatively up to date.

I'm figuring we close this, and if need be open a specific ticket to update the Unity example ?

@markmandel markmandel added the stale Pending closure unless there is a strong objection. label Jul 28, 2022
@roberthbailey
Copy link
Member Author

I'm figuring we close this, and if need be open a specific ticket to update the Unity example?

sounds good to me.

@markmandel
Copy link
Member

Looks like we marked this stale in July 😄 - going close it, since there is no objections.

@mangalpalli mangalpalli added this to the 1.27.0 milestone Oct 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aLekSer aLekSer

Labels
area/security Issues pertaining to security good first issue These are great first issues. If you are looking for a place to start, start here! help wanted We would love help on these issues. Please come help us! kind/feature New features for Agones stale Pending closure unless there is a strong objection.
Projects
None yet
Milestone
1.27.0
Development

No branches or pull requests
4 participants
@markmandel @aLekSer @roberthbailey @mangalpalli