neotys-labs / docker Goto Github PK
View Code? Open in Web Editor NEWNeoLoad docker assets, like Dockerfile to build load generators and controller
NeoLoad docker assets, like Dockerfile to build load generators and controller
Our vulnerability scanner is flagging CVE-2023-44794
in the neoload-controller and neload-loadgenerator container images.
From what I can see, it is flagging on the spring-core:5.3.27
package which is added to the image in the Dockerfile command:
COPY /neoload /home/neoload/neoload # buildkit
Can I ask if this has already been investigated? And if there is a remediation/mitigation available?
Many thanks,
EDIT: I believe a prerequisite for the vulnerability is the use of Dromara SaToken <=v1.36.0 - so it is possible this may be a false positive if that is not in use?
https://nvd.nist.gov/vuln/detail/CVE-2022-42889
Using latest/9.0.1 of both controller and lg images.
This appears to be fixed in Apache Commons Text v1.10
When we try to start up the docker image with the following configured parms we are seeing this error after the project is checked out of collaboration server (AzureDevops).
Checking out project: Sample_Project
_com.neotys.nl.l.a.n: Item '/DevOps/git/neoload-demo/Sample_Project/8_6/project' does not exist
options being passed in (via docker-compose.yml):
The problem seems to be with something is expecting project to be in the a path that is not provided.
Item '/DevOps/_git/neolaod-demo/Sample_Project/8_6/project' does not exist
in this path we are not providing the /8_6/project and we believe this may be why the checkout is failing every time.
Also the collaboration project WAS published from NeoLoad, so we are expecting the its setting up the project correctly.
We are also using the latest docker image as of 10/6/2022
The tag 7.11.1 (and latest also) of neotys/neoload-loadgenerator contains NeoLoad 7.11.0 and cannot be used with a 7.11.1 Neoload Controller installation.
docker run --rm --detach neotys/neoload-loadgenerator:7.11.1
Unable to find image 'neotys/neoload-loadgenerator:7.11.1' locally
7.11.1: Pulling from neotys/neoload-loadgenerator
540db60ca938: Pull complete
b950557f6e3b: Pull complete
e18d5a8beff4: Pull complete
9d5547ccdd43: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:0b723fe887e5906882c91e59b37afec5d25664fb2331122f01c894b413911330
Status: Downloaded newer image for neotys/neoload-loadgenerator:7.11.1
2793f0799b174a347c0085cb1d593317912ee43405648994c918d63865adf1bd
docker logs 2793
LoadGeneratorAgent running
2021/10/14 07:23:10 INFO - neoload.agent.Agent: Starting agent (7.11.0;build=20210903-38)...
2021/10/14 07:23:10 INFO - neoload.agent.Agent: OS Version:amd64 - Linux - 5.10.47-linuxkit
2021/10/14 07:23:10 INFO - neoload.agent.Agent: JVM Version:BellSoft - 11.0.8 - OpenJDK 64-Bit Server VM - Xmx= 477626368 bytes
2021/10/14 07:23:10 INFO - neoload.agent.Agent: Initialize preferences
2021/10/14 07:23:10 INFO - neoload.agent.Agent: Initialize cloud properties
2021/10/14 07:23:10 INFO - neoload.agent.Agent: WAN mode is none
2021/10/14 07:23:10 INFO - neoload.agent.Agent: WAN Emulation is disabled
2021/10/14 07:23:10 INFO - neoload.agent.Agent: Initialize multicast threads
2021/10/14 07:23:10 INFO - neoload.agent.Agent: Start transport API server on port: 7100
2021/10/14 07:23:12 INFO - neoload.agent.Agent: Agent started
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.