aelsabbahy / goss-docker Goto Github PK

View Code? Open in Web Editor NEW

27.0 27.0 13.0 20 KB

Easy docker health checks, /healthz endpoints, and container delays

License: Apache License 2.0

Dockerfile 100.00%

goss-docker's People

Contributors

Stargazers

Watchers

Forkers

gimler tuxpiper marcinpraczko plispe kennonkwok fabian-braun keithy obiesmans ccfenner urotasm asadmahmoodarm randled-re

goss-docker's Issues

master is older than latest 0.3.0 tag

v0.3.0 was last updated in march
master was last updated in feb???

CVE-2022-41723: high severity vulnerability in golang.org/x/net library

Hi Guys,
today I've scanned goss via trivy and it seems like a dependency needs to be updated in the latest version.
This is the output I recieve:
Total: 2 (UNKNOWN: 1, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

┌──────────────────┬─────────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│     Library      │    Vulnerability    │ Severity │ Installed Version │ Fixed Version │                            Title                            │
├──────────────────┼─────────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2022-41723      │ HIGH     │ v0.5.0            │ 0.7.0         │ golang.org/x/net/http2: avoid quadratic complexity in HPACK │
│                  │                     │          │                   │               │ decoding                                                    │
│                  │                     │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-41                  │
│                  ├─────────────────────┼──────────┤                   │               ├─────────────────────────────────────────────────────────────┤
│                  │ GHSA-vvpx-j8f3-3w6h │ UNKNOWN  │                   │               │ Uncontrolled Resource Consumption                           │
│                  │                     │          │                   │               │ https://github.com/advisories/GHSA-vvpx-j8f3-3w6h           │
└──────────────────┴─────────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

This is how to reproduce the error:
trivy image --exit-code 0 --cache-dir .trivycache/ --no-progress "$FULL_IMAGE_NAME" while FULL_IMAGE_NAME is the container name

0.3.7

please create 0.3.7 release

refresh docker hub

please make a new release on docker hub.

The goss Docker image needs curl as dependency (v0.3.6)

I run goss in the Docker aelsabbahy/goss image with version 0.3.6 which is tagged as latest

VERSION:
   v0.3.6

The http module doesn't work as expected in the pure container

$ docker run -it -v $PWD:/data --rm --name goss aelsabbahy/goss \
    /bin/sh -c 'goss --gossfile /data/goss.yaml add http https://google.com/'
Get https://google.com/: x509: failed to load system roots and no roots provided

When I install curl beforehand it works.

$ docker run -it -v $PWD:/data --rm --name goss aelsabbahy/goss \
    /bin/sh -c 'apk -U add curl; goss --gossfile /data/goss.yaml add http https://google.com/'
fetch http://dl-cdn.alpinelinux.org/alpine/v3.4/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.4/community/x86_64/APKINDEX.tar.gz
(1/4) Installing ca-certificates (20161130-r0)
(2/4) Installing libssh2 (1.7.0-r0)
(3/4) Installing libcurl (7.60.0-r1)
(4/4) Installing curl (7.60.0-r1)
Executing busybox-1.24.2-r14.trigger
Executing ca-certificates-20161130-r0.trigger
OK: 6 MiB in 15 packages
Adding HTTP to '/data/goss.yaml':

https://google.com/:
  status: 200
  allow-insecure: false
  no-follow-redirects: false
  timeout: 5000
  body: []

Because curl is installed and removed in the image on build time, I think it should never be removed.

But I wonder why the http module would need curl.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.