Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: cbf691950e07186475de0f703dce297b3414ed09
https://github.com/tribe29/checkmk/commit/cbf691950e07186475de0f703dce297b3…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-10-25 (Tue, 25 Oct 2022)
Changed paths:
M tests/docker/test_docker.py
Log Message:
-----------
Remove unnecessary build arg
The download credentials are downloaded by a sidecar container, so this
arg is not used.
Change-Id: I1fe16823e8c73fcc05f33b205086f7acb94c6ab1
Commit: 0eac0636f7f87e7c573ec239d29d3582978815d4
https://github.com/tribe29/checkmk/commit/0eac0636f7f87e7c573ec239d29d35829…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-10-25 (Tue, 25 Oct 2022)
Changed paths:
M docker/Dockerfile
Log Message:
-----------
Make CREDENTIALS_URL a build_arg
When trying to build the container locally the network setup is kinda
difficult. Now you can have a *python SimpleHTTPServer* aka `python -m
http.server 8000` running and serving the secret file.
Change-Id: I15ed06b95e4e0e4c65bffc43ea872e0fcd57ff70
Commit: 80fc4b8883afcac0f3f043b7d6ccb9e7edda43b1
https://github.com/tribe29/checkmk/commit/80fc4b8883afcac0f3f043b7d6ccb9e7e…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-10-25 (Tue, 25 Oct 2022)
Changed paths:
A .werks/14918
M buildscripts/docker_image_aliases/IMAGE_CMK_BASE/Dockerfile
M buildscripts/docker_image_aliases/IMAGE_CMK_BASE/meta.yml
M docker/Dockerfile
M docker/Makefile
M tests/docker/test_docker.py
Log Message:
-----------
14918 SEC Change base image of docker container
With this Werk we change the base image of the Checkmk docker container from Debian buster
to Ubuntu jammy.
Ubuntu jammy has more up to date packages.
This should reduce the amount of "vulnerabilities" found in the docker container
by ~90%.
Please note that these vulnerabilities are either fixed by a backport of the fix or the
configuration did not allow a exploitation.
The packages in the container were updated whenever a new container was build.
Unfortunately not all vulnerability-scanners were able to recognise this.
To our knowledge none of the vulnerabilities were exploitable.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).
This CVSS is primarily meant to please automatic scanners.
Change-Id: I9129099f9f5bb814c3c9a5893f7be1229eaa7d8d
Compare:
https://github.com/tribe29/checkmk/compare/4ad899a88e99...80fc4b8883af