Support for distroless in node_exporter #260
Comments
|
This belongs in promu. |
|
What needs to be done to fix these vulnerabilities. Any idea? |
@SuperQ : Kind ping. |
|
This is a low priority task, as there is no vulnerability. Your security scanner is faulty. Please do not report raw vulnerability scanner results. They are prone to false positives and cause the Prometheus team toil in verifying. Please verify vulnerability reports and include specific details as to which components are directly exploitable. Please also include a reproduction case. |
|
In this specific case, the node_exporter does not openssl or libssl, as the software is written in Go and uses Go's TLS implemenation. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Vulnerability ID: 181818
Hi,
We are running prometheus node-exporter in production and we frequently get OS related vulnerabilities which. This time we got vulnerabilities for openssl and libssl. We want to understand if there is a plan to move to distroless so that we can avoid patching these kind of vulnerabilities in future. I was reading one thread where its mentioned that support for distroless containers will be available soon.
prometheus/node_exporter#2046
Could you please share if its already in plan and if yes, when can we get this new image.
The text was updated successfully, but these errors were encountered: