Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Current Kube2iam image have vulnerabilities at go.sum and go.mod #374

Open
mahesh101 opened this issue Apr 18, 2024 · 1 comment
Open

Current Kube2iam image have vulnerabilities at go.sum and go.mod #374

mahesh101 opened this issue Apr 18, 2024 · 1 comment

Comments

@mahesh101
Copy link

Hi,

We are using wiz as a image scanning tool, and it has deducted 18 high vulnerabilities in current image, mainly in go.sum and go.mod. requesting you to update it.
have attached the excel sheet with list of vulnerabilities and fixed version, please update it and release new version of it.

kube2iam-vulnerbility.xlsx

Below is the Dockerfile we are using

`golang:1.21.5 AS BUILDER
WORKDIR /go/src/github.com/jtblin/kube2iam
ENV ARCH=linux
ENV CGO_ENABLED=0
COPY . ./
RUN make setup && make build

FROM alpine:3.18.5
RUN apk --no-cache add
ca-certificates
iptables
COPY --from=BUILDER /go/src/github.com/jtblin/kube2iam/build/bin/linux/kube2iam /bin/kube2iam
ENTRYPOINT ["kube2iam"]
`

@mahesh101
Copy link
Author

Hi @jtblin , could you please address above issue. its a security issue we are facing in our organization

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant