Skip to content

chore: harden container base images for SCA findings#7

Closed
stevologic wants to merge 1 commit into
mainfrom
codex/evaluate-and-fix-sca-vulnerabilities
Closed

chore: harden container base images for SCA findings#7
stevologic wants to merge 1 commit into
mainfrom
codex/evaluate-and-fix-sca-vulnerabilities

Conversation

@stevologic

Copy link
Copy Markdown
Owner

Motivation

  • SCA tooling could not be run in this environment due to outbound restrictions to Go proxy/GitHub and missing scanner binaries, so base images were pinned/updated to reduce known CVE exposure, supply-chain drift, and improve reproducibility.

Description

  • Updated backend build image from golang:1.24-alpine to golang:1.24.6-alpine3.21, backend runtime from alpine:3.18 to alpine:3.21, and UI image from nginx:alpine to nginx:1.27-alpine3.21 by modifying Dockerfile and ui/Dockerfile.

Testing

  • Ran go test ./... which passed, and attempted govulncheck and go list -m -u (and other SCA scanner invocations) which failed due to network/Go proxy/GitHub restrictions and missing scanner binaries in the environment.

Codex Task

@stevologic stevologic closed this Feb 12, 2026
@stevologic stevologic deleted the codex/evaluate-and-fix-sca-vulnerabilities branch June 27, 2026 19:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant