https://prefect.io logo
Title
j

Jean-Michel Provencher

03/07/2022, 9:20 PM
Hi, I’m using the docker image
prefecthq/prefect:1.0.0
and when scanning the docker image with Snyk I’m getting up to 114 security issues, as well as 8 critical vulnerabilities. Are you guys planning on fixing them in the base docker image?
k

Kevin Kho

03/07/2022, 9:22 PM
Hi @Jean-Michel Provencher, I’ll need to check with the team on that
j

Jean-Michel Provencher

03/07/2022, 9:24 PM
Updating some c++ libraries used in the image would probably do most of the job, but it would probably better if it’s done on your side than on mine
z

Zanie

03/07/2022, 9:32 PM
Historically, the vast majority of vulnerabilities are not actually applicable when audited by an engineer. We are not pinning our apt requirements and should be getting the latest with each release. We’re basing our image from the official Python image (https://github.com/PrefectHQ/prefect/blob/master/Dockerfile).
:upvote: 1