Hey folks, I'm in a bit of a bind and could use your insights. Before we can deploy our Docker images to production, they have to pass a Sysdig scan, but it's proving to be quite the challenge. I'm currently away from my work PC, so I can't provide all the specific details right now.
I've been using the latest UBI9 image and facing multiple issues with Docker components, especially nested Docker like runc, due to some vulnerabilities in the Go libraries that came to light recently. Even when I switched to the RHEL 9 Docker test branch, the same vulnerabilities persist, which makes me think they might be using the same Go setup.
This reminds me of a situation I had with Terraform, where I ended up compiling it from source to clear the Sysdig scan. However, I'm really not looking to go through the hassle of compiling Docker from scratch!
I'm not a Sysdig expert by any means, but I can't believe we're the only ones dealing with these problems. While the vulnerabilities may be valid, it seems unreasonable for it to take weeks or even months to get a build that can pass these scans. I'm at my wits' end since I haven't found much help through Google or elsewhere.
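One concrete way to check the suspicion raised in the post above, that the UBI9 and RHEL 9 runc builds share the same Go toolchain and Go libraries, is to read the build metadata Go embeds in every module-built binary (toolchain version plus the exact module versions linked in). Binary-level vulnerability scanners key on exactly this metadata, so it shows you what the scanner sees. The program below is an added example, not code from the poster, Sysdig or Red Hat; the function names and command-line shape are my own, and the minimum Go version you pass is an assumption to be filled in from the advisory for whatever CVE the scan flags.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"sort"
	"strconv"
	"strings"
)

// GoBuildReport summarises what a vulnerability scanner sees in a Go binary:
// the toolchain it was compiled with and the modules linked into it.
type GoBuildReport struct {
	Path      string
	GoVersion string
	Modules   map[string]string // module path -> version actually linked
}

// InspectGoBinary reads the build info Go embeds in binaries built with
// modules enabled (go1.18+). It needs no Go toolchain on the host, so it
// works inside a minimal container image such as UBI.
func InspectGoBinary(path string) (*GoBuildReport, error) {
	bi, err := buildinfo.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("%s: not a Go binary or no build info: %w", path, err)
	}
	rep := &GoBuildReport{Path: path, GoVersion: bi.GoVersion, Modules: map[string]string{}}
	for _, dep := range bi.Deps {
		m := dep
		if dep.Replace != nil { // a replace directive changes what was really linked
			m = dep.Replace
		}
		rep.Modules[m.Path] = m.Version
	}
	return rep, nil
}

// parseGoVersion turns "go1.21.5", "go1.21" or "go1.22rc1" into [major, minor, patch].
// Anything else (e.g. "devel ...") is rejected rather than guessed at.
func parseGoVersion(v string) ([3]int, error) {
	var out [3]int
	v = strings.TrimPrefix(v, "go")
	if i := strings.IndexAny(v, "rb"); i >= 0 { // drop "rc1" / "beta2" suffixes
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) < 2 || len(parts) > 3 {
		return out, fmt.Errorf("unrecognised Go version %q", v)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return out, fmt.Errorf("unrecognised Go version %q", v)
		}
		out[i] = n
	}
	return out, nil
}

// ToolchainAtLeast reports whether a binary's Go version meets a minimum,
// typically the first toolchain release that fixed a flagged stdlib CVE.
func ToolchainAtLeast(have, want string) (bool, error) {
	h, err := parseGoVersion(have)
	if err != nil {
		return false, err
	}
	w, err := parseGoVersion(want)
	if err != nil {
		return false, err
	}
	for i := 0; i < 3; i++ {
		if h[i] != w[i] {
			return h[i] > w[i], nil
		}
	}
	return true, nil
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: inspect <go-binary> <minimum-go-version>")
		os.Exit(2)
	}
	rep, err := InspectGoBinary(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	ok, err := ToolchainAtLeast(rep.GoVersion, os.Args[2])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("%s: built with %s (minimum %s: %v)\n", rep.Path, rep.GoVersion, os.Args[2], ok)
	paths := make([]string, 0, len(rep.Modules))
	for p := range rep.Modules {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	for _, p := range paths {
		fmt.Printf("  %s %s\n", p, rep.Modules[p])
	}
}
```

Run it against the two runc binaries (for example `go run inspect.go /usr/bin/runc go1.21.5`, with the version taken from the relevant Go advisory) and diff the output: identical toolchain and module lines mean the two packages were built from the same Go setup and will keep failing the same checks until that toolchain or those modules are bumped. If a Go toolchain is available, `go version -m /usr/bin/runc` prints the same embedded metadata. Note the caveat this exposes: when the finding is in the Go standard library rather than a third-party module, no amount of package updates on the image clears it; only a rebuild with a fixed toolchain does, which is why compiling from source worked for Terraform.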
2 Answers
I get where you're coming from, but why are you trying to push a Docker-on-Docker setup into production? Both Docker and Terraform are usually used to build or deploy other applications. What am I missing here?
I work at Sysdig and can help you connect with someone who can offer assistance if you're still having a tough time with this. Just let me know if you'd like to discuss it further!