Peter Baumann
Proof of concept to allow authentication via PAT (Personal Access Token). To test, set the environment variable GITTFS_PAT. Remove TFS2008 support, as this causes issues with supporting authentication via PAT.
***EDITED: to fix copy&paste error for the table.md content*** I have a quite strange behaviour that when using the pandoc-fignos filter via python, e.g. using ` cat document.json| python -m...
You are using quite an old version of telegraf (version 1.21), see https://github.com/Azure/secrets-store-csi-driver-provider-azure/blob/6dce6a9d51401ab8f11cf10f8b64d06c700eb481/charts/csi-secrets-store-provider-azure/templates/arc-monitoring.yaml#L86C19-L86C79 This shows up for us in a security monitoring with CVE-2021-3999 for glibc. Nevertheless, it seems that...
**Describe the bug** K2s is using [Debian 11](https://github.com/Siemens-Healthineers/K2s/blob/0dfbaa0ecfaf08f3bf421d82ac168733b1d92af1/lib/modules/k2s/k2s.node.module/linuxnode/baseimage/base-image.module.psm1#L54) for the Linux virtual machine, which according to https://wiki.debian.org/DebianReleases#Production_Releases has EOL in 7/2024. **Expected behavior** k2s should use a supported Linux distribution,...
registry.k8s.io/metrics-server/metrics-server:v0.4.2 uses according to trivy a debian base image based on Debian 9.13, which is end of life since July 6th, 2020 (see https://www.debian.org/releases/stretch) trivy scan also reports a huge...
**Describe the bug** **Possible supply chain vulnerability**: Download of software artifacts without checking the SSL certificates. `Invoke-DownloadDebianImage` uses `curl --ssl-no-revoke -k` (see https://github.com/Siemens-Healthineers/K2s/blob/d4876268dc372ab398ba9681ad971160bef1b86a/lib/modules/k2s/k2s.node.module/linuxnode/baseimage/base-image.module.psm1#L71-L77), meaning it does not check any certificate...
The dicom addon uses quite outdated container images where trivy spots quite a lot of security issues. For reference, see the attached files. [curlimages__curl_8.5.0.txt](https://github.com/user-attachments/files/21767673/curlimages__curl_8.5.0.txt) [docker_io__library__postgres_17.3.txt](https://github.com/user-attachments/files/21767674/docker_io__library__postgres_17.3.txt) [jodogne__orthanc-plugins_1.12.6.txt](https://github.com/user-attachments/files/21767675/jodogne__orthanc-plugins_1.12.6.txt)
trivy scan shows quite a lot of security issues, see attached files. Please update [k8s_gcr.io__cuda-vector-add_v0.1.txt](https://github.com/user-attachments/files/21768428/k8s_gcr.io__cuda-vector-add_v0.1.txt) [nvcr_io__nvidia__k8s__dcgm-exporter_3.1.8-3.1.5-ubuntu20.04.txt](https://github.com/user-attachments/files/21768429/nvcr_io__nvidia__k8s__dcgm-exporter_3.1.8-3.1.5-ubuntu20.04.txt) [nvcr_io__nvidia__k8s-device-plugin_v0.15.0-ubi8.txt](https://github.com/user-attachments/files/21768431/nvcr_io__nvidia__k8s-device-plugin_v0.15.0-ubi8.txt) Furthermore, for dcgm-exporter, please switch the ubi (Red Hat) base image instead of...
used versions are quite outdated and trivy reports quite a lot of security issues, see attached files. [quay_io__kiwigrid__k8s-sidecar_1.24.3.txt](https://github.com/user-attachments/files/21769051/quay_io__kiwigrid__k8s-sidecar_1.24.3.txt) [quay_io__prometheus__alertmanager_v0.25.0.txt](https://github.com/user-attachments/files/21769050/quay_io__prometheus__alertmanager_v0.25.0.txt) [quay_io__prometheus__node-exporter_v1.6.0.txt](https://github.com/user-attachments/files/21769052/quay_io__prometheus__node-exporter_v1.6.0.txt) [quay_io__prometheus__prometheus_v2.44.0.txt](https://github.com/user-attachments/files/21769053/quay_io__prometheus__prometheus_v2.44.0.txt) [quay_io__prometheus-operator__prometheus-operator_v0.66.0.txt](https://github.com/user-attachments/files/21769055/quay_io__prometheus-operator__prometheus-operator_v0.66.0.txt) [registry_k8s.io__ingress-nginx__kube-webhook-certgen_v20221220-controller-v1.5.1-58-g787ea74b6.txt](https://github.com/user-attachments/files/21769057/registry_k8s.io__ingress-nginx__kube-webhook-certgen_v20221220-controller-v1.5.1-58-g787ea74b6.txt) [registry_k8s.io__kube-state-metrics__kube-state-metrics_v2.9.2.txt](https://github.com/user-attachments/files/21769058/registry_k8s.io__kube-state-metrics__kube-state-metrics_v2.9.2.txt)
logging addon uses quite outdated versions, e.g. fluentbit 3.0.4 which is end-of-life since Sep 11, 2024. In addition to that, trivy found quite a huge list of security issues, see...