Ignore CVE-2023-5717 #2549

Merged
merged 1 commit into from
Nov 6, 2023

dannymidnight (Contributor)

Pretty sure this one is safe to ignore. It affects the Linux Profiler `perf` tool which we don't use.
@dannymidnight dannymidnight requested a review from a team November 6, 2023 06:05
@buildkite-docs-bot (Contributor)

Preview URL: https://2549--bk-docs-preview.netlify.app

@yob (Contributor) left a comment

I agree this is very likely fine to ignore.

If we were keen, at some point we could refactor the Dockerfile to be multistage, with the gems compiled in one target then copied across into a production target that doesn't have all the header files (including linux-libc-dev which I suspect is what all the linux CVE ignores are for).
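
The multi-stage layout suggested in the comment above could look like the following. This is an added example, not the project's Dockerfile; the base image tag, stage names, file paths and start command are assumptions.

```dockerfile
# --- build stage: has the compiler toolchain and C headers ---
# Assumed base image; build-essential pulls in libc6-dev, which depends on
# linux-libc-dev (the kernel headers package that scanners flag for Linux CVEs).
FROM ruby:3.2-slim AS build
RUN apt-get update \
 && apt-get install -y --no-install-recommends build-essential \
 && rm -rf /var/lib/apt/lists/*
WORKDIR /app
COPY Gemfile Gemfile.lock ./
# The official ruby images set GEM_HOME and BUNDLE_APP_CONFIG to
# /usr/local/bundle, so gems and this config both land in that directory.
RUN bundle config set --local without 'development test' \
 && bundle install

# --- production stage: no compiler, no header packages ---
FROM ruby:3.2-slim AS production
WORKDIR /app
# Copy only the compiled gems (and bundler config) from the build stage.
# Gems with native extensions may still need their runtime shared libraries
# installed here (the -dev packages are not needed at runtime).
COPY --from=build /usr/local/bundle /usr/local/bundle
COPY . .
# Guard: fail the image build if the kernel headers package is present in
# the final image, so the CVE ignores tied to it can be retired safely.
RUN ! dpkg-query -W -f='${Status}' linux-libc-dev 2>/dev/null \
      | grep -q 'install ok installed'
# Placeholder start command (assumption).
CMD ["bundle", "exec", "rackup", "--host", "0.0.0.0"]
```

Scanning the `production` target rather than the `build` target then shows which of the existing CVE ignores are still needed.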

@dannymidnight (Contributor Author)

> If we were keen, at some point we could refactor the Dockerfile to be multistage, with the gems compiled in one target then copied across into a production target that doesn't have all the header files (including linux-libc-dev which I suspect is what all the linux CVE ignores are for).

Good call, I'm keen. It was already worth doing for optimised images and now that there's more visibility into CVEs it seems even more worthwhile.

I'll pencil something in the backlog and hit you up when I'm looking to tackle it.

@dannymidnight dannymidnight merged commit 8d68855 into main Nov 6, 2023
1 check passed
@dannymidnight dannymidnight deleted the ignore-cve-CVE-2023-5717 branch November 6, 2023 23:45
yob commented Nov 6, 2023

🎉
