Looks like the DRA driver patches CVEs using a conditional in the Dockerfile to run package manager tooling:
https://github.com/NVIDIA/k8s-dra-driver/blob/main/deployments/container/Dockerfile.ubuntu#L54-L60
https://github.com/NVIDIA/k8s-dra-driver/blob/main/deployments/container/Dockerfile.ubi8#L54-L59
https://github.com/project-copacetic/copacetic is a CNCF sandbox project for a CLI tool for directly patching container images with support for multiple package managers (apt, apk, yum, etc.) and distroless images. This can be set up for build time and recurringly with any cadence to automate patching.
Would maintainers be interested in integration or contribution for an integration?
@elezar