Friday, 2021-03-05

« Thursday, 2021-03-04 Index Saturday, 2021-03-06 »
*** fuentess has quit IRC00:19
kata-irc-bot<eric.adams> @eric.ernst Have you ever heard of https://github.com/aquasecurity/trivy ?  It is an open source container image scanner looking for potential vulnerabilities released by Aqua Security. I am taking a kubernetes security training course and learned about it there. When I ran it on the kata-deploy image it found a lot of medium and high potential security issues.  It also found a lot of issues on the centos/systemd container image that00:34
kata-irc-botkata-deploy is based off of. By comparison the alpine image was very clean. The ubuntu image not so much.00:34
kata-irc-bot<eric.ernst> sweet!00:35
kata-irc-bot<eric.ernst> Yeah, ultimately that's scanning the base image, centos00:35
kata-irc-bot<eric.adams> It seems like a pretty good tool.   If all the kata-deploy image is doing is running some scripts to copy files over it might be worth switching over to the alpine or another image that passes this tool.  I don't know a ton about this tool so I'd appreciate if others chimed in.00:56
kata-irc-bot<eric.ernst> it needed systemd01:51
*** irclogbot_0 has quit IRC02:52
*** irclogbot_1 has joined #kata-dev02:54
*** egernst_ has joined #kata-dev04:32
*** egernst_ has quit IRC05:01
*** Yarboa has quit IRC05:41
*** Yarboa has joined #kata-dev05:44
*** egernst_ has joined #kata-dev06:21
*** egernst_ has quit IRC07:19
*** sameo has joined #kata-dev07:22
*** hbrueckner has joined #kata-dev07:28
*** Yarboa has quit IRC07:31
*** Yarboa has joined #kata-dev07:34
*** sgarzare has joined #kata-dev07:48
*** dklyle has quit IRC08:01
*** jodh has joined #kata-dev08:05
*** fgiudici has joined #kata-dev08:20
*** egernst_ has joined #kata-dev09:16
kata-irc-bot<wmoschet> hi! In case you have some cycles, I am looking for reviews to https://github.com/kata-containers/kata-containers/pull/134913:44
*** fuentess has joined #kata-dev14:16
*** sameo has quit IRC14:40
*** sameo has joined #kata-dev14:43
*** ailan has joined #kata-dev14:49
kata-irc-bot<fidencio> @fupan, I have no words to thank you!14:54
*** ailan has quit IRC14:56
kata-irc-bot<eric.adams> @eric.ernst Really?  I thought the kata-deploy image just copied some binaries around.15:01
kata-irc-bot<eric.ernst> I believe it needs systemctl to interact w host services.15:06
*** th0din_ has quit IRC15:40
*** th0din has joined #kata-dev15:42
*** dklyle has joined #kata-dev15:43
*** fuentess has quit IRC17:17
*** hbrueckner has quit IRC17:42
*** fuentess has joined #kata-dev17:50
*** dklyle has quit IRC17:52
*** dklyle has joined #kata-dev17:52
*** irclogbot_1 has quit IRC18:03
*** irclogbot_3 has joined #kata-dev18:04
*** jodh has quit IRC18:08
*** fuentess has quit IRC18:13
*** fuentess has joined #kata-dev18:16
*** irclogbot_3 has quit IRC18:24
*** irclogbot_2 has joined #kata-dev18:27
*** egernst has quit IRC18:48
*** egernst__ has joined #kata-dev18:48
*** fuentess has quit IRC18:52
*** egernst__ has quit IRC19:01
*** egernst has joined #kata-dev19:02
*** sgarzare has quit IRC19:48
*** fuentess has joined #kata-dev20:26
kata-irc-bot<eric.ernst> I was looking to add a couple of tests which were complicated enough that I didn't want to use bash (tests over debug-console).20:57
kata-irc-bot<eric.ernst> It seems that by design at this point, we really don't expose the toml config in katautils, so its harder to pragmatically change settings to the existing config. ie, i'd like to read the config in, modify settings, then write it back to the file and run tests.20:58
kata-irc-bot<eric.ernst> @gabriela.cervantes.te or devimc -- have we had ginkgo based tests that modify the toml, env?20:59
kata-irc-bot<gabriela.cervantes.te> mmm...I do not think so21:21
*** sameo has quit IRC21:25
*** fgiudici has quit IRC22:12
« Thursday, 2021-03-04 Index Saturday, 2021-03-06 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!