Can you confirm that the latest renovate-ce image vulnerabilities are not reachable? #460
Replies: 1 comment 3 replies
-
The full image will always have some vulnerabilities because it seems package managers always have some lingering vulnerabilities. We do not review these for reachability, our only recourse is to upgrade package managers periodically with most releases. We also do not offer this as a paid service, but perhaps your security team can employ some consultants to look into it. If you use the non-full image then you'll see a lot less vulnerabilities, because there are a lot less package managers installed. |
Beta Was this translation helpful? Give feedback.
3 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello, the latest image version of renovate-ce:6.11.0-full has some security issues due to some of the packages installed.
My security team is asking whether these vulnerabilities are not reachable? In order to use the image.
If you could let me know that would be greatly appreciated!
Beta Was this translation helpful? Give feedback.
All reactions