This is known. The issue is simply that we do not have the necessary setup to rebuild the base images for fixed vulnerabilities. We use GitHub Actions to build the images, and for most components images are built on component release. If months later a new vulnerability in one of the base image components is found: bad luck, our CI pipeline is not set up to do a rebuild. The images from here are a bit different, as there we rebuild on every push to master, but currently this also only happens on actual changes.

Ideally, we would have a setup that automatically rebuilds the latest image for every component once there is a fix. However, I am currently not aware of a CI setup that would allow that. We are open for contributions.

PS: You are not using the latest Piraeus release, so please first update to 2.9.0. It probably won't fix everything, but at least the images are a bit newer....
Piraeus is by far the container with the most vulnerabilities currently in my environment. I have recently introduced Trivy Operator to scan for vulnerabilities.

Is this known? How could I contribute to improving this?

Who is responsible for `piraeus-server` and `piraeus-csi` (the ones with the most vulns)?

Piraeus Operator: 2.8.1 (as of 7/7/25):

Piraeus Operator: 2.9.0 (as of 7/7/25):

Note: The Grafana dashboard is a bit misleading (I think numbers are too high), because it seemingly aggregates the number of vulnerabilities across the deployment components (3 replicas etc.).
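The following is an added example, not part of the original posts and not Piraeus or Trivy Operator code. It shows how severity totals differ when every scan report is summed versus when each (CVE, package) pair is counted once per image digest. The record shape is a simplified assumption modelled on Trivy Operator's VulnerabilityReport resources, and all workload names, digests and CVE ids are constructed placeholders.

```python
from collections import Counter

# Constructed sample, simplified from the shape of Trivy Operator
# VulnerabilityReport resources. Workload names, digests and CVE ids are
# placeholders, not real findings.
def _vuln(cve, pkg, sev):
    return {"vulnerabilityID": cve, "resource": pkg, "severity": sev}

SERVER = [_vuln("CVE-0000-0001", "libexample", "CRITICAL"),
          _vuln("CVE-0000-0002", "libexample", "HIGH"),
          _vuln("CVE-0000-0002", "otherpkg", "HIGH")]
CSI = [_vuln("CVE-0000-0002", "libexample", "HIGH")]

REPORTS = [
    {"workload": "controller", "digest": "sha256:server-placeholder", "vulnerabilities": SERVER},
    {"workload": "satellite-node-a", "digest": "sha256:server-placeholder", "vulnerabilities": SERVER},
    {"workload": "satellite-node-b", "digest": "sha256:server-placeholder", "vulnerabilities": SERVER},
    {"workload": "csi-node", "digest": "sha256:csi-placeholder", "vulnerabilities": CSI},
]

def summed_per_report(reports):
    """Severity totals when every report is added up, as a naive sum does."""
    return Counter(v["severity"] for r in reports for v in r["vulnerabilities"])

def unique_per_image(reports):
    """Severity totals per image digest, counting each (CVE, package) once."""
    seen = {}  # (digest, CVE, package) -> severity
    for r in reports:
        for v in r["vulnerabilities"]:
            seen[(r["digest"], v["vulnerabilityID"], v["resource"])] = v["severity"]
    per_image = {}
    for (digest, _cve, _pkg), sev in seen.items():
        per_image.setdefault(digest, Counter())[sev] += 1
    return per_image

def unique_total(reports):
    """Severity totals across all distinct images."""
    total = Counter()
    for counts in unique_per_image(reports).values():
        total += counts
    return total

if __name__ == "__main__":
    print("summed per report:", dict(summed_per_report(REPORTS)))
    print("unique per image: ", {d: dict(c) for d, c in unique_per_image(REPORTS).items()})
    print("unique total:     ", dict(unique_total(REPORTS)))
```

The per-image view is the one to use when deciding which image rebuild removes the most findings.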