As far as I understand, there are two things getting mixed here. The fact that the image has (low severity) security concerns, and the idea that a fix would be "easily available".
What the error-looking warning currently means (using registry.opensource.zalan.do/stups/openjdk:8-cd28) is that there may be problems and I cannot do anything about it.
Suggestion for improvement:

- show such a warning (maybe not in red) if there are concerns
- show a separate line if I'm not applying the latest base image, i.e. I can do something about it
Currently, the red is simply adding to my stress level, without me being able to do anything about it. It's counter-empowering.
In case I can do something to solve this, please educate me.
The title of this issue mentions Taupage and I don't think Taupage is related to the problem. The CVE check is based on the Docker image and Clair is the tool responsible for the evaluation.
I'd also challenge that you wouldn't be able to do something about it. Such base images like registry.opensource.zalan.do/stups/openjdk:8-cd28, often used as base images for our JVM applications, are provided as a convenience. This doesn't mean that you're forced to use them as your base image and it also doesn't mean that you can't contribute to improving the base image for others.
As a reference, you could query which CVEs were found for that particular image:
Alternatively, you could brew your own base image or choose another that you believe doesn't have any vulnerabilities. Clair will still evaluate it for you.
I'm inclined to agree that LOW level CVEs should deserve a less noisy warning.
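
An added example, not part of this thread and not code from senza or Clair: one way to separate "there are concerns" from "you can act on this" when rendering scan results. It assumes a Clair v1 API layer report whose vulnerabilities carry `Severity` and an optional `FixedBy`, and uses `FixedBy` as the signal that a fix exists; the sample report and its CVE names are constructed placeholders.

```python
import json

# Clair v1 severity names, lowest to highest.
SEVERITIES = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"]

# Constructed sample in the shape of a Clair v1 layer report (not real scan output).
SAMPLE_REPORT = json.loads("""
{"Layer": {"Name": "constructed-layer", "Features": [
  {"Name": "libexample", "Version": "1.0-1", "Vulnerabilities": [
    {"Name": "CVE-0000-0001", "Severity": "Low"},
    {"Name": "CVE-0000-0002", "Severity": "High", "FixedBy": "1.0-2"}]},
  {"Name": "exampletool", "Version": "2.3", "Vulnerabilities": [
    {"Name": "CVE-0000-0003", "Severity": "Low", "FixedBy": "2.4"}]},
  {"Name": "cleanpkg", "Version": "0.9"}
]}}
""")

def triage(report, loud_from="Medium"):
    """Split findings into fixable (user can act), warn (loud) and info (quiet)."""
    threshold = SEVERITIES.index(loud_from)
    buckets = {"fixable": [], "warn": [], "info": []}
    for feature in report.get("Layer", {}).get("Features", []):
        for vuln in feature.get("Vulnerabilities", []):
            severity = vuln.get("Severity", "Unknown")
            # Unrecognised severity strings fail loud rather than quiet.
            rank = SEVERITIES.index(severity) if severity in SEVERITIES else len(SEVERITIES)
            entry = (vuln["Name"], feature["Name"], severity, vuln.get("FixedBy"))
            if vuln.get("FixedBy"):
                buckets["fixable"].append(entry)   # a fixed version exists
            elif rank >= threshold:
                buckets["warn"].append(entry)      # no fix, but serious enough to flag
            else:
                buckets["info"].append(entry)      # no fix, low severity: summarise only
    return buckets

def render(buckets):
    """Return output lines: actionable items first, quiet findings as one summary."""
    lines = []
    for name, pkg, sev, fix in buckets["fixable"]:
        lines.append(f"ACTION  {name} [{sev}] in {pkg}: fixed in {fix}")
    for name, pkg, sev, _ in buckets["warn"]:
        lines.append(f"WARN    {name} [{sev}] in {pkg}: no fix available yet")
    if buckets["info"]:
        lines.append(f"info    {len(buckets['info'])} lower-severity finding(s) with no fix available")
    return lines

if __name__ == "__main__":
    print("\n".join(render(triage(SAMPLE_REPORT))))
```
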