-
Notifications
You must be signed in to change notification settings - Fork 145
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sriov-cni v2.6.2 container image security vulnerabilities #202
Comments
I will take a look |
/cc @wizhaoredhat |
@rollandf should we just switch the image to centos or something else? |
@SchSeba Yes, agree. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What happened?
HIGH vulnerabilities found in sriov-cni version 2.6.2 container image(ghcr.io/k8snetworkplumbingwg/sriov-cni:v2.6.2)
REPORT:
What did you expect to happen?
0 HIGH and CRITICAL security vulnerabilities
What are the minimal steps needed to reproduce the bug?
By running
trivy i --no-progress -s HIGH,CRITICAL --vuln-type os --exit-code 1 ghcr.io/k8snetworkplumbingwg/sriov-cni:v2.6.2
Anything else we need to know?
Component Versions
Please fill in the below table with the version numbers of applicable components used.
Config Files
Config file locations may be config dependent.
CNI config (Try '/etc/cni/net.d/')
Device pool config file location (Try '/etc/pcidp/config.json')
Multus config (Try '/etc/cni/multus/net.d')
Kubernetes deployment type ( Bare Metal, Kubeadm etc.)
Kubeconfig file
SR-IOV Network Custom Resource Definition
Logs
SR-IOV Network Device Plugin Logs (use
kubectl logs $PODNAME
)Multus logs (If enabled. Try '/var/log/multus.log' )
Kubelet logs (journalctl -u kubelet)
The text was updated successfully, but these errors were encountered: