Ofir
05/15/2023, 9:17 PM
✗ Critical severity vulnerability found in curl/libcurl3-gnutls
Description: Cleartext Transmission of Sensitive Information
Info: <https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320493>
Introduced through: git@1:2.30.2-1+deb11u2
From: git@1:2.30.2-1+deb11u2 > curl/libcurl3-gnutls@7.74.0-1.3+deb11u7
This comes from Prefect’s Dockerfile line 101:
https://github.com/PrefectHQ/prefect/blob/main/Dockerfile#L101
Is Git actually needed and used within the Prefect server / Prefect agents? If so, why?
Can I remove it or will it break Prefect?
Zanie
git to retrieve flow run source code.
Ofir
05/15/2023, 9:24 PM
git being called?
Ofir
05/15/2023, 9:25 PM
prefect deployments build \
our_workflow.py:run_our_workflow \
--name run_our_workflow \
--path /usr/src/app \
--work-queue test \
--skip-upload \
--apply
Ofir
05/15/2023, 9:27 PM
/v1/deployments/flow-run/create_flow_run
Ofir
05/15/2023, 9:27 PM
git used?