synbiohub icon indicating copy to clipboard operation
synbiohub copied to clipboard
verified publisher icon SynBioHub

Out-of-date base images

Open cjmyers opened this issue 4 years ago • 0 comments

Regarding out-of-date base images:

  • The virtuoso docker image is built on Ubuntu 16.04, which is out of support.
  • The autoheal docker image is based on Alpine 3.13.5, which has some security issues fixed in the next release.
  • The synbiohub docker image is based on Node v11.1.0 and Alpine 3.8.1, both of which have security issues fixed in later releases.

Docker.com has made a tool called Snyk available to check containers for vulnerabilities. The SynBioHub team might want to try it out. I would guess that we (NIST/MML) will want to build the containers from scratch so we can keep track of what’s inside and to update them at will.

cjmyers avatar Dec 13 '21 00:12 cjmyers