tools(fabric2-all-in-one): fix multiple vulnerabilities - 2023-08-17 #2135
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zondervancalvez
requested review from
petermetz,
takeutak,
izuru0,
jagpreetsinghsasan and
sandeepnRES
as code owners
zondervancalvez
force-pushed
the
zondervancalvez/issue2057
branch
4 times, most recently
from
291cf09
to
400c86d
Compare
takeutak
approved these changes
Jul 27, 2022
zondervancalvez
added a commit
to zondervancalvez/cactus
that referenced
this pull request
Jul 27, 2022
Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez
added a commit
to zondervancalvez/cactus
that referenced
this pull request
Jul 27, 2022
Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
|
Hi @zondervancalvez |
zondervancalvez
force-pushed
the
zondervancalvez/issue2057
branch
3 times, most recently
from
4ddf803
to
c65ae79
Compare
Issue is now addressed. Thanks. |
petermetz
requested changes
Aug 24, 2022
There was a problem hiding this comment.
@zondervancalvez Thank you, this looks good to me, I'm just marking it down for a change request because I'd like to ask you to do a manual test of the new image (once the manual test passed please write that down here and then request a review again)
The test needs to make sure that at least one of the Fabric (v2) connector tests are passing fine with this image.
- You build the image locally tagging it something like
faio - You override one of the test cases to a) not pull the image b) use the
faioimage instead of the official ghcr.io ones - You run the test case (which now will be running against a container made from your image from this PR)
- You verify that the test case has passed.
Please make sure to cover at least these test cases with the above methodology and the explicitly confirm in a follow-up comment that all of these test cases passed with your image:
- packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/run-transaction-endpoint-v1.test.ts
- packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/deploy-cc-from-golang-source.test.ts
- packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/run-transaction-with-identities.test.ts
|
@zondervancalvez Ping. |
Hi @petermetz,
On the remaining failing test script, we are encountering issue on As of now this is our blocker but we are trying to debug on the issue and the possible resolution. |
zondervancalvez
force-pushed
the
zondervancalvez/issue2057
branch
from
c65ae79
to
64aac35
Compare
zondervancalvez
force-pushed
the
zondervancalvez/issue2057
branch
2 times, most recently
from
b0717ca
to
7eef2ad
Compare
|
Hi @petermetz, packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/run-transaction-endpoint-v1.test.ts - PASSED |
zondervancalvez
force-pushed
the
zondervancalvez/issue2057
branch
from
7eef2ad
to
f77e6c4
Compare
zondervancalvez
added a commit
to zondervancalvez/cactus
that referenced
this pull request
Aug 15, 2023
Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez
added a commit
to zondervancalvez/cactus
that referenced
this pull request
Aug 15, 2023
Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez
added a commit
to zondervancalvez/cactus
that referenced
this pull request
Aug 15, 2023
Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez
added a commit
to zondervancalvez/cactus
that referenced
this pull request
Aug 15, 2023
Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
VRamakrishna
approved these changes
Aug 16, 2023
zondervancalvez
added a commit
to zondervancalvez/cactus
that referenced
this pull request
Aug 16, 2023
Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
petermetz
force-pushed
the
zondervancalvez/issue2057
branch
from
ce3d750
to
b28ed21
Compare
petermetz
changed the title
Hard to dertermine which exact vulnerabilities will this be fixing because other pull requests also upgrade the image version of this container in the time while the pull request for this commit was open. Nevertheless, it is an upgrade of versions and therefore some of the CVEs are very likely getting addressed by it. Fixes hyperledger#2057 Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz
force-pushed
the
zondervancalvez/issue2057
branch
from
b28ed21
to
efb6911
Compare
zondervancalvez
added a commit
to zondervancalvez/cactus
that referenced
this pull request
Aug 21, 2023
Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez
added a commit
to zondervancalvez/cactus
that referenced
this pull request
Aug 23, 2023
Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez
added a commit
to zondervancalvez/cactus
that referenced
this pull request
Aug 30, 2023
Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez
added a commit
to zondervancalvez/cactus
that referenced
this pull request
Aug 30, 2023
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez
added a commit
to zondervancalvez/cactus
that referenced
this pull request
Aug 30, 2023
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez
added a commit
to zondervancalvez/cactus
that referenced
this pull request
Sep 7, 2023
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
petermetz
pushed a commit
to zondervancalvez/cactus
that referenced
this pull request
Sep 7, 2023
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
petermetz
pushed a commit
that referenced
this pull request
Sep 7, 2023
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes #1876 Depends On: #2121 Depends On: #2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
adrianbatuto
pushed a commit
to adrianbatuto/cacti
that referenced
this pull request
Sep 8, 2023
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
adrianbatuto
added a commit
to adrianbatuto/cacti
that referenced
this pull request
Sep 8, 2023
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
adrianbatuto
pushed a commit
to adrianbatuto/cacti
that referenced
this pull request
Sep 20, 2023
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
sandeepnRES
pushed a commit
to sandeepnRES/cacti
that referenced
this pull request
Dec 21, 2023
Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2121 Depends On: hyperledger#2135 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hard to dertermine which exact vulnerabilities will this be fixing because
other pull requests also upgrade the image version of this container in
the time while the pull request for this commit was open.
Nevertheless, it is an upgrade of versions and therefore some of the CVEs
are very likely getting addressed by it.
Fixes #2057
Co-authored-by: Peter Somogyvari peter.somogyvari@accenture.com
Signed-off-by: zondervancalvez zondervan.v.calvez@accenture.com
Signed-off-by: Peter Somogyvari peter.somogyvari@accenture.com