Ansible AWX Vulnerability Scanning and Fixing

Hi Team,

We have implemented AWX 14.0.0 on our localhost using the Docker containerisation (docker-compose) concept. Could you please guide me on the process of how we can solve vulnerabilities that exist in container images, say for example the version 14.0.0 images awx, redis and postgres?

Hi Team,

Could you please point me in the right direction on this?

This isn’t really an Ansible or AWX question, but more of a Docker/security/OS type question. There are many tools out there specifically made for Docker security, and of course you could always scan them with other common security tools like Qualys, ClamAV, etc., or whatever other tools you are willing and able to install in those containers (or in the images themselves if you build them yourself). That they happen to be running Ansible/awx/redis/postgres, etc., makes them no different from any other container IMHO.

Hi Team,

Let me reframe my question. Let's say we have a Docker image security scanning tool available in our environment; now the question is, if any vulnerabilities are detected, let's say on the ansible/awx image, is there any support process for tracking and helping in remediating these from the AWX side? Is there any process involved for reporting those as well?

So AWX is an open source solution, thus there is no “support” beyond submitting a bug report on the project itself, but don’t expect a vulnerability to be considered a high priority issue.

We have a container scanning solution which points out new vulnerabilities every 15 days or so. Since AWX is open source, what we do is fix the vulnerabilities on our own. These are either related to modules used by AWX, which can be submitted as vulnerabilities and the engineers address them in the next release, or, in many cases, related to the CentOS image and out of scope. I believe the best way to fix vulnerabilities is to build your own images (with the fixes). That’s what we have been doing for a long time now. Our container/image scanning tool points out the vulnerabilities and their fixes for Red Hat, which are pushed after a long time in CentOS images. In that case, we re-create the packages with their fixes on our own. It might be a painful process sometimes but hey, the great product is available for free.
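One concrete shape of the "build your own images with the fixes" approach described above, added here as an example and not taken from the thread or from the AWX project: a Dockerfile that layers the distribution's current package updates on top of the published image so the scanner sees patched package versions rather than the ones frozen into the upstream build. The base image name `ansible/awx:14.0.0`, its CentOS 8 / dnf base, and the `USER 1000` it runs as are assumptions; check them against your own image with `docker inspect`.

```dockerfile
# Added example (not part of the thread or of the AWX project).
# Rebuild the upstream AWX 14.0.0 image with the distribution's current
# package updates applied on top. The same pattern applies to the redis
# and postgres images; for Debian-based images replace the dnf step with
# `apt-get update && apt-get -y upgrade && rm -rf /var/lib/apt/lists/*`.
#
# Assumption: the published image is ansible/awx:14.0.0 and is built on
# CentOS 8 with dnf available (the thread describes the images as CentOS
# based). Pin the exact tag so each rebuild starts from a known base.
FROM ansible/awx:14.0.0

# The upstream image is assumed to run as an unprivileged user; switch to
# root only for the package update and drop privileges again afterwards.
USER root

# Apply all available updates. CentOS repositories do not ship the
# updateinfo security classification that `dnf update --security` relies
# on, so a plain update is needed to pick up the fixes the scanner flags.
# Each step is chained with && so a failed update aborts the build instead
# of producing an image that is tagged as patched but is not.
RUN dnf -y update \
    && dnf clean all \
    && rm -rf /var/cache/dnf

# Record when this rebuild happened so the scanner output can be matched
# to an image revision (label value is a constructed placeholder).
LABEL org.opencontainers.image.revision="rebuild-YYYY-MM-DD"

# Assumption: the upstream image runs as UID 1000; return to it so the
# rebuilt image does not start the AWX services as root.
USER 1000
```

Build and tag the result (for example `docker build -t awx-patched:14.0.0 .`), then point the `image:` entries in docker-compose at the new tag and re-scan the rebuilt image to confirm the flagged packages are gone.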

Hi Ankit, Team,

Thanks for the info below. Could you please let me know how you fix the vulnerabilities that are in the CentOS 8 or, let's say, the postgres 10 image?

Also, could you guide me on how we can build our own image in AWX with the fixes?

Hoping to hear from you on this .

Thanks
Gaurav Pande