-
Notifications
You must be signed in to change notification settings - Fork 285
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tools(fabric2-all-in-one): fix multiple vulnerabilities - 2023-08-17 #2135
tools(fabric2-all-in-one): fix multiple vulnerabilities - 2023-08-17 #2135
Conversation
291cf09
to
400c86d
Compare
Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Hi @zondervancalvez |
4ddf803
to
c65ae79
Compare
Issue is now addressed. Thanks. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@zondervancalvez Thank you, this looks good to me, I'm just marking it down for a change request because I'd like to ask you to do a manual test of the new image (once the manual test passed please write that down here and then request a review again)
The test needs to make sure that at least one of the Fabric (v2) connector tests are passing fine with this image.
- You build the image locally tagging it something like
faio
- You override one of the test cases to a) not pull the image b) use the
faio
image instead of the official ghcr.io ones - You run the test case (which now will be running against a container made from your image from this PR)
- You verify that the test case has passed.
Please make sure to cover at least these test cases with the above methodology and the explicitly confirm in a follow-up comment that all of these test cases passed with your image:
- packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/run-transaction-endpoint-v1.test.ts
- packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/deploy-cc-from-golang-source.test.ts
- packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/run-transaction-with-identities.test.ts
@zondervancalvez Ping. |
Hi @petermetz,
On the remaining failing test script, we are encountering issue on As of now this is our blocker but we are trying to debug on the issue and the possible resolution. |
c65ae79
to
64aac35
Compare
b0717ca
to
7eef2ad
Compare
Hi @petermetz, packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/run-transaction-endpoint-v1.test.ts - PASSED |
7eef2ad
to
f77e6c4
Compare
Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
ce3d750
to
b28ed21
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I pushed the fixes, LGTM
Hard to dertermine which exact vulnerabilities will this be fixing because other pull requests also upgrade the image version of this container in the time while the pull request for this commit was open. Nevertheless, it is an upgrade of versions and therefore some of the CVEs are very likely getting addressed by it. Fixes hyperledger-cacti#2057 Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
b28ed21
to
efb6911
Compare
Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes #1876 Depends On: #2121 Depends On: #2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger-cacti#1876 Depends On: hyperledger-cacti#2121 Depends On: hyperledger-cacti#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Hard to dertermine which exact vulnerabilities will this be fixing because
other pull requests also upgrade the image version of this container in
the time while the pull request for this commit was open.
Nevertheless, it is an upgrade of versions and therefore some of the CVEs
are very likely getting addressed by it.
Fixes https://github.com/hyperledger/cacti/issues/2057
Co-authored-by: Peter Somogyvari peter.somogyvari@accenture.com
Signed-off-by: zondervancalvez zondervan.v.calvez@accenture.com
Signed-off-by: Peter Somogyvari peter.somogyvari@accenture.com