I am using the ECK operator 1.3.0 version Docker image to provision the Elastic cluster. When I run the security scan on the ECK Docker image, there are security vulnerabilities, and all of them come from the Package type. I wanted to make sure whether they are really exploitable, or whether I can ignore them if they are not exploitable. Also, if I want to update any security patches on the same, how do I proceed on the same?
Any guide would really help. Thanks for help.
Below is the scan report which shows security vulnerabilities.
There are a few things happening here, let me know if anything isn't clear in my response. This is a complex topic.
First, the packages. The current version of ECK is 1.5; we always suggest scanning the latest version, as those containers will have the most updated packages. Elastic supports our products running within updated containers; you are welcome to run 'microdnf update' on the images to pull in the latest packages from Red Hat.
As for the package flaws themselves, I would not expect any of these to affect ECK. The ECK operator is a statically linked Go executable. It does not rely on operating system packages for its operation. None of these packages should pose any threat to your infrastructure.
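An added example, not part of the original thread and not Elastic's code: one way to confirm that a binary copied out of an image is statically linked is to check its ELF program headers for a dynamic loader (`PT_INTERP`) and shared-library dependencies (`DT_NEEDED`). The function name, the sample builder and its bytes are constructed for illustration, and only 64-bit little-endian ELF is handled.

```python
import struct
import sys

PT_DYNAMIC, PT_INTERP = 2, 3   # program header types
DT_NULL, DT_NEEDED = 0, 1      # dynamic section tags

def elf_linkage(data: bytes) -> dict:
    """Report whether an ELF image asks for a dynamic loader or shared libraries."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled here")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    interp, needed = None, 0
    for i in range(e_phnum):
        p_type, _flags, p_offset, _va, _pa, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            # Path of the loader the kernel would start, e.g. ld-linux
            interp = data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
        elif p_type == PT_DYNAMIC:
            # Walk 16-byte (tag, value) entries until DT_NULL
            for off in range(p_offset, p_offset + p_filesz, 16):
                d_tag, _val = struct.unpack_from("<qQ", data, off)
                if d_tag == DT_NULL:
                    break
                if d_tag == DT_NEEDED:
                    needed += 1
    return {"interpreter": interp, "needed_libs": needed,
            "static": interp is None and needed == 0}

def sample_elf(dynamic: bool) -> bytes:
    """Constructed minimal ELF image (headers only) used as demo input."""
    interp = b"/lib64/ld-linux-x86-64.so.2\0"
    dyn = struct.pack("<qQqQ", DT_NEEDED, 1, DT_NULL, 0)
    phnum = 2 if dynamic else 0
    body = 64 + 56 * phnum
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       2, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    if not dynamic:
        return ehdr
    ph = struct.pack("<IIQQQQQQ", PT_INTERP, 4, body, 0, 0, len(interp), len(interp), 1)
    ph += struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, body + len(interp), 0, 0, len(dyn), len(dyn), 8)
    return ehdr + ph + interp + dyn

if __name__ == "__main__":
    # Usage: python elf_linkage.py <path to a binary copied out of the image>
    with open(sys.argv[1], "rb") as fh:
        print(elf_linkage(fh.read()))
```

A result with `static: True` means the binary loads no shared libraries from the image at run time; the OS packages the scanner flagged are still present in the image and can still be refreshed with `microdnf update`.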