
Commit 29a9144

Trivy fixes (#251)
Signed-off-by: Kumar, Anand <anand.kumar@intel.com> Co-authored-by: Kumar, Anand <anand.kumar@intel.com>
1 parent 62f94a0 commit 29a9144


16 files changed

+198
-21
lines changed


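--- a/.trivyignore
+++ b/.trivyignore
@@ -10,3 +10,16 @@ CVE-2024-3056
 CVE-2025-6020
 CVE-2025-47906
 CVE-2025-47907
+
+# TODO: Remove once kubectl and kata-container release with upgraded go is available.
+CVE-2025-47912
+CVE-2025-58183
+CVE-2025-58186
+CVE-2025-58187
+CVE-2025-58188
+CVE-2025-61724
+
+# TODO: Remove once kata-container release with upgraded runc is available.
+CVE-2025-31133
+CVE-2025-52565
+CVE-2025-52881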
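Review bot: The nine new entries are suppressed with no expiry and no scope: a `.trivyignore` line hides that ID wherever the scan finds it, so these Go standard-library and runc findings would also stay hidden if they appeared in the project's own images, and the TODO comments carry no date or tracking reference that would force a revisit. Trivy accepts an expiry on each entry, so I would write them as `CVE-2025-31133 exp:<YYYY-MM-DD>` (placeholder date, set to the expected kata-containers release) so the findings resurface on their own. The runc group in particular should carry a short justification for accepting the bundled runc in the interim, e.g. `# accepted: <reason>, tracked in <issue-id>`. If the scan setup allows it, Trivy's YAML ignore format can restrict an entry by path, which would confine the suppression to the kubectl and kata binaries the comments name.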

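--- a/attestation-manager/src/go.mod
+++ b/attestation-manager/src/go.mod
@@ -1,6 +1,6 @@
 module github.com/open-edge-platform/trusted-compute/attestation-manager/src
 
-go 1.24.7
+go 1.24.9
 
 require (
 github.com/golang-jwt/jwt/v5 v5.3.0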

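--- a/attestation-verifier/attestation_verifier_inside_container.sh
+++ b/attestation-verifier/attestation_verifier_inside_container.sh
@@ -15,7 +15,7 @@ if [ -z "$1" ]; then
 fi
 
 BUILD_PARAM=$1
-GO_VER=go1.24.7
+GO_VER=go1.24.9
 
 #Installing Pre-requisites
 set -ex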

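--- a/attestation-verifier/src/go.mod
+++ b/attestation-verifier/src/go.mod
@@ -1,6 +1,6 @@
 module github.com/open-edge-platform/trusted-compute/attestation-verifier/src
 
-go 1.24.7
+go 1.24.9
 
 require (
 github.com/DATA-DOG/go-sqlmock v1.5.2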

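--- a/attestation-verifier/utils/tools/containers/nats/Dockerfile
+++ b/attestation-verifier/utils/tools/containers/nats/Dockerfile
@@ -4,7 +4,7 @@
 # */
 
 # Multi-stage Dockerfile: build cfssl/cfssljson in a builder stage, copy only binaries into final image
-FROM golang:1.24.7-bookworm AS builder
+FROM golang:1.24.9-bookworm AS builder
 
 WORKDIR /src/cfssl
 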

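--- a/helm/trustagent/values.yaml
+++ b/helm/trustagent/values.yaml
@@ -57,7 +57,7 @@ config:
 /opt/kata/bin/qemu-system-x86_64
 /opt/kata/libexec/virtiofsd
 /opt/kata/share/defaults/kata-containers/configuration-qemu.toml
-/opt/kata/share/kata-containers/vmlinuz-6.12.44-1.emt3
+/opt/kata/share/kata-containers/vmlinuz-6.12.44-2.emt3
 /opt/kata/share/kata-containers/trusted-vm.img
 /opt/kata/share/kata-qemu/qemu/bios-256k.bin
 /opt/kata/share/kata-qemu/qemu/efi-virtio.rom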

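--- a/helm/trusted-workload/charts/cc-operator/templates/cc-operator-deployment.yaml
+++ b/helm/trusted-workload/charts/cc-operator/templates/cc-operator-deployment.yaml
@@ -6650,7 +6650,7 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace
-image: quay.io/confidential-containers/operator:v0.14.0
+image: quay.io/confidential-containers/operator:v0.16.0
 livenessProbe:
 httpGet:
 path: /healthz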

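--- a/helm/trusted-workload/charts/cc-operator/tests/cc-operator-deployment_test.yaml
+++ b/helm/trusted-workload/charts/cc-operator/tests/cc-operator-deployment_test.yaml
@@ -338,7 +338,7 @@ tests:
 value: metadata.namespace
 - equal:
 path: spec.template.spec.containers[0].image
-value: quay.io/confidential-containers/operator:v0.14.0
+value: quay.io/confidential-containers/operator:v0.16.0
 - equal:
 path: spec.template.spec.containers[0].livenessProbe.httpGet.path
 value: /healthz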

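--- a/trusted-vm/Makefile
+++ b/trusted-vm/Makefile
@@ -12,7 +12,7 @@ EDGE_MICROVISOR_COMMIT?="3.0.20250910"
 EDGE_MICROVISOR_SRC_DIR=$(BUILD_DIR)/microvisor_src
 
 KATA_CONTAINERS_SRC=https://github.com/kata-containers/kata-containers.git
-KATA_CONTAINERS_TAG?=3.17.0
+KATA_CONTAINERS_TAG?=3.21.0
 KATA_CONTAINERS_SRC_DIR=$(BUILD_DIR)/kata_src
 
 MAKEFILE_DIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))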

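--- a/trusted-vm/tvm-agent/tvm_agent_build.sh
+++ b/trusted-vm/tvm-agent/tvm_agent_build.sh
@@ -11,7 +11,7 @@ TVM_AGENT_BUILD_DIR="${PWD}"
 KATA_CONTAINER_DIR="${TVM_AGENT_BUILD_DIR}/kata-containers"
 
 KATA_CONTAINER_GIT_URL="https://github.com/kata-containers/kata-containers.git"
-KATA_CONTAINER_GIT_BRANCH="3.17.0"
+KATA_CONTAINER_GIT_BRANCH="3.21.0"
 
 DOCKER_IMAGE="ubuntu:24.04"
 TVM_AGENT_CLEAN_AFTER_BUILD="yes"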
