Skip to content

Commit

Permalink
PCP-3441: Fix CVE-2024-38428 (#60)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jayesh-srivastava
jayesh-srivastava authored Sep 9, 2024
1 parent bf42439 commit 4af64e0
Showing 1 changed file with 12 additions and 9 deletions.
21 changes: 12 additions & 9 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,15 +44,18 @@ RUN scan-govulncheck.sh manager

# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
#FROM gcr.io/distroless/static:latest
FROM gcr.io/spectro-images-public/build-base-images/openssl-fips-ktls:3.2-alpine3.20
RUN rm /usr/lib/engines-3/padlock.so
RUN rm /lib/libcrypto.so.3
RUN rm /usr/lib/ossl-modules/legacy.so
RUN rm -rf /opt/openssl-*
RUN addgroup -S spectro
RUN adduser -S -D -h / spectro spectro
USER spectro
FROM gcr.io/distroless/static:nonroot
#FROM gcr.io/spectro-images-public/build-base-images/openssl-fips-ktls:3.2-alpine3.20
#RUN rm /usr/lib/engines-3/padlock.so
#RUN rm /lib/libcrypto.so.3
#RUN rm /usr/lib/ossl-modules/legacy.so
#RUN rm -rf /opt/openssl-*
#RUN apk del --rdepends wget
#RUN rm /usr/bin/wget
#RUN addgroup -S spectro
#RUN adduser -S -D -h / spectro spectro
#USER spectro
WORKDIR /
COPY --from=builder /workspace/manager .
USER 65532
ENTRYPOINT ["/manager"]

0 comments on commit 4af64e0

Please sign in to comment.