Security scan reports high level vulnerabilities in ironic and ironic-inspector images

[digambar15]

I am working on checking image level security issues and found that Ironic and Ironic-inspector images are not passing security tests and reported more 5 high level security issues by scanning tool in CI/CD. I think all the reported security level issues should be fixed on priority.

Below are the details -

1. Security vulnerability issues reported for images below

• Ironic - https://quay.io/repository/metal3-io/ironic/manifest/sha256:13d191ecd750d112e66783e872cbd5d1d0eed0d60c65ccf508f5ec2d9c2434ae?tab=vulnerabilities

• Ironic-inspector - https://quay.io/repository/metal3-io/ironic-inspector/manifest/sha256:7bb3423b81f8d316463727af25ec70591bf8e984b5cf93634c98657aeb214e6e?tab=vulnerabilities

[furkatgofurov7]

/kind bug

[digambar15]

I can also see security vulnerabilities for BMO image also - https://quay.io/repository/metal3-io/baremetal-operator/manifest/sha256:3871acbe77d381e51f0fa5f6041d321805f78ea5ebd4909d8c69c74b03e9cc44?tab=vulnerabilities

[metal3-io-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues will close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[metal3-io-bot]

Stale issues close after 30d of inactivity. Reopen the issue with /reopen. Mark the issue as fresh with /remove-lifecycle stale.

/close

[metal3-io-bot]

@metal3-io-bot: Closing this issue.

In response to this:

Stale issues close after 30d of inactivity. Reopen the issue with /reopen. Mark the issue as fresh with /remove-lifecycle stale.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.