Bug: A lot of CVEs in the devtron images (Fixable!) #6311

Open
@rirze

Description

📜 Description

You can check the full report here:
https://artifacthub.io/packages/helm/devtron/devtron-operator

There's an abnormal amount of fixable CVEs in the docker images that I see here. I'm pretty sure running a package manager update would fix many of these issues.

The reason I bring this up is so I can showcase this application for my company project, but if they see the current security report, they will 100% deny its adoption. If a lot of these could be fixed, it would make my case better.

👟 Reproduction steps

Go to https://artifacthub.io/packages/helm/devtron/devtron-operator
Then click on "Full Report":

👍 Expected behavior

It should not have so many vulnerabilities.

👎 Actual Behavior

It has a lot of vulnerabilities.

☸ Kubernetes version

Any.

Cloud provider

Any.

🌍 Browser

Chrome

🧱 Your Environment

No response

✅ Proposed Solution

Perform docker image OS updates and update service dependencies so that CVEs are mitigated.

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find any similar issue

🏢 Have you read the Code of Conduct?

Metadata

Labels

  • bug: Something isn't working
  • needs-triage: Issue is not approved or ready-to-work on
