Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address High vulnerabilities in OVMS SNYK scan #192

Closed
4 tasks done
heyselbi opened this issue Sep 14, 2023 · 4 comments
Closed
4 tasks done

Address High vulnerabilities in OVMS SNYK scan #192

heyselbi opened this issue Sep 14, 2023 · 4 comments
Assignees
@spolti
Labels
odh-1.11 rhods-2.5

Comments

@heyselbi
Copy link

heyselbi commented Sep 14, 2023
edited by spolti
Loading

Link to SNYK report

  • Address 4 high vulnerabilities in openvino-model-server, upstream first.
  • (highly recommended, but not required) Address 2 high vulnerabilities in [quay scan]
  • sync ovms/main with odh/main
  • cherry pick from odh/main to odh/2023.1 the security fixes

(https://quay.io/repository/opendatahub/openvino_model_server/manifest/sha256:2cbe8a48ab0bc6fe7fb76919bf33253e83a6218a9c4b486b744c3dcf30679616?tab=vulnerabilities), upstream first.
@heyselbi heyselbi converted this from a draft issue Sep 14, 2023
@heyselbi heyselbi moved this from New/Backlog to To-do/Groomed in ODH Model Serving Planning Sep 14, 2023
@heyselbi heyselbi moved this from To-do/Groomed to In Progress in ODH Model Serving Planning Oct 10, 2023
@heyselbi heyselbi mentioned this issue Oct 16, 2023
Closed
@spolti spolti moved this to In Progress in Internal tracking Oct 17, 2023
@spolti
Copy link
Member

spolti commented Oct 27, 2023
edited
Loading

Cant add upstream PR on development.

OpenVINO Critical/High vuls:

Security fixes merged as part of openvinotoolkit/model_server#2136

@heyselbi heyselbi changed the title Address "High" vulnerabilities in SNYK scan of modelmesh repos Address High vulnerabilities in OVMS SNYK scan Oct 31, 2023
@heyselbi heyselbi mentioned this issue Oct 31, 2023
Closed
2 tasks
@heyselbi heyselbi moved this from In Progress to Under Review in ODH Model Serving Planning Oct 31, 2023
@spolti
Copy link
Member

spolti commented Nov 10, 2023
edited
Loading

Community: Image update: openvinotoolkit/model_server#2140

  • https://github.com/openvinotoolkit/model_server/commit/03c29f788a284f2e6eb4332c79a87b3daeb5ba22

I was not able to reproduce a odh build to run the Clair scan against it.
Create this PR opendatahub-io/openvino_model_server#3 hoping this would build, and push to quay, yes?

@spolti
Copy link
Member

spolti commented Nov 10, 2023

ODH merged, quay scan is green:

Screenshot 2023-11-10 at 16 26 14

@spolti
Copy link
Member

spolti commented Nov 14, 2023
edited
Loading

ODH Cherry-picks:

Main branch sync

@spolti spolti closed this as completed Nov 16, 2023
@github-project-automation github-project-automation bot moved this from In Progress to Done in Internal tracking Nov 16, 2023
@github-project-automation github-project-automation bot moved this from Under Review to Done in ODH Model Serving Planning Nov 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spolti spolti

Labels
odh-1.11 rhods-2.5
Projects
Internal tracking
Status: Done
ODH Feature Tracking
Status: No status
ODH Model Serving Planning
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@spolti @heyselbi