-
Bug
-
Resolution: Done
-
Medium
-
Istanbul Release
VESMapper container runs as root user and using non-standard image - openjdk:11-jre-slim. For ONAP SECCOM complaince, require base following updates
1) Migrate to SECCOM recommended base image - onap/integration-java11:9.0.0 or latest - https://nexus3.onap.org/#browse/browse:docker.release:v2%2Fonap%2Fintegration-java11%2Ftags
2) Modify application/docker execution to run as non-root
Benefits from switching over:
- minimal {java11,python} images maintained by integration team
- using currently "blessed by seccom" versions (:latest tag used)
- should limit spread of legal issues across layers *
- integration images will be the first to have automated compliance documentation
- should limit spread of base layers (contributing to deployment footprint - more base layers = more to download, more to store etc...)
- relates to
-
DCAEGEN2-2420 REQ-379 projects must use approved and verified base images for their containers
- Closed