You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
At times, critical or high severity vulnerabilities are discovered in the distro base images that kairos uses. There are two problems:
Identifying risks on older releases of kairos standard images is a manual process for kairos devs (yes?) and for kairos users.
Because kairos will architecturally immutable, the kairos release cycle is generally the "rate-limiting step" for rolling out fixes.
Describe the solution you'd like
The kairos CLI should be able to report the known CVEs for the running image if it comes from the quay.io registry (this could be compiled into a json/yaml file by a periodic github action that the consults the quay.io scans)
A github action that triggers hotfix releases when they are available.
The text was updated successfully, but these errors were encountered:
jbalonso
added
enhancement
New feature or request
triage
Add this label to issues that should be triaged and prioretized in the next planning call
labels
Jul 4, 2024
If we complete the work on the #1914 - we can just expose a very simple way to rebuild images to fix CVEs at OS base image level.
However, this won't cover CVEs that might affect Kairos components versions, however - we can have a github action that trigger hotfixes to our framework images, which is considerably easier then having a full kairos release.
Is your feature request related to a problem? Please describe.
At times, critical or high severity vulnerabilities are discovered in the distro base images that kairos uses. There are two problems:
Identifying risks on older releases of kairos standard images is a manual process for kairos devs (yes?) and for kairos users.
Because kairos will architecturally immutable, the kairos release cycle is generally the "rate-limiting step" for rolling out fixes.
Describe the solution you'd like
The kairos CLI should be able to report the known CVEs for the running image if it comes from the quay.io registry (this could be compiled into a json/yaml file by a periodic github action that the consults the quay.io scans)
A github action that triggers hotfix releases when they are available.
The text was updated successfully, but these errors were encountered: