Giter Site home page Giter Site logo

chaoscypher / dockerfile-minimal-terraform Goto Github PK

View Code? Open in Web Editor NEW
0.0 0.0 1.0 635 KB

This repository aims to create a useful, and minimal docker container that exposes the terraform binary to a host machine.

License: MIT License

Dockerfile 100.00%
dockerfile github-actions minimal terraform

dockerfile-minimal-terraform's People

Contributors

chaoscypher avatar dependabot[bot] avatar

Watchers

avatar

dockerfile-minimal-terraform's Issues

CVE detected in terraform go binary

Related to hashicorp/terraform#33158

The scratch image produced at the end of the CI workflow is being flagged by Trivy as the terraform binary has a CVE as seen below.

====================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐
│     Library      │ Vulnerability  │ Severity │ Installed Version │ Fixed Version │                    Title                     │
├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2022-41723 │ HIGH     │ v0.6.00.7.0         │ avoid quadratic complexity in HPACK decoding │
│                  │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-41723   │
└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘

It's also present in the sbom scan as seen below:

NAME                            INSTALLED                           FIXED-IN  TYPE       VULNERABILITY        SEVERITY 
github.com/hashicorp/terraform  v0.0.0-20230426175411-6c2c6cfa1b55            go-module  CVE-2018-9057        Critical  
github.com/hashicorp/terraform  v0.0.0-20230426175411-6c2c6cfa1b55            go-module  CVE-2019-19316       High      
github.com/hashicorp/terraform  v0.0.0-20230426175411-6c2c6cfa1b55            go-module  CVE-2021-36230       High      
golang.org/x/net                v0.6.0                              0.7.0     go-module  GHSA-vvpx-j8f3-3w6h  High

We'll have to wait for hashicorp to patch this go module.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.