Skip to content

chore(security): apply security updates for MTV images #3950

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Hazanel wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(security): apply security updates for MTV images #3950

Hazanel wants to merge 1 commit into from

Conversation

@Hazanel
Copy link
Contributor

@Hazanel Hazanel commented Dec 23, 2025

Uses dnf update -y --security when dnf is available (full UBI images) Falls back to microdnf update -y when only microdnf is available (minimal UBI images)

@Hazanel Hazanel changed the title Resolves: Clair-scans for MTV images Resolves: clair-scans for MTV images Dec 23, 2025
@Hazanel Hazanel changed the title Resolves: clair-scans for MTV images chore(security): clair-scans for MTV images Dec 23, 2025
@Hazanel Hazanel changed the title chore(security): clair-scans for MTV images chore(security): apply security updates for MTV images Dec 23, 2025
@codecov-commenter
Copy link

codecov-commenter commented Dec 23, 2025
edited
Loading

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 9.07%. Comparing base (f1fe5d0) to head (63c5551).
⚠️ Report is 1413 commits behind head on main.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff            @@
##             main   #3950      +/-   ##
=========================================
- Coverage   15.45%   9.07%   -6.39%     
=========================================
  Files         112     392     +280     
  Lines       23377   47469   +24092     
=========================================
+ Hits         3613    4306     +693     
- Misses      19479   42781   +23302     
- Partials      285     382      +97
Flag Coverage Δ
unittests 9.07% <ø> (-6.39%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@Hazanel
fix(security): apply security updates in Containerfiles
63c5551 
Add security update commands to Containerfiles to ensure all packages
are updated with latest security patches during image build. This
addresses vulnerabilities identified in clair-scan reports.

Changes:
- Add conditional dnf/microdnf check in Containerfiles for UBI9-minimal
- Use 'dnf update -y --security' for targeted security updates when dnf is available
- Use 'microdnf update -y' when only microdnf is available (minimal UBI images)
- Combine RUN commands to reduce image layers
- Apply same security update pattern to both upstream and downstream Containerfiles

Updated images:
- forklift-api
- forklift-ova-provider-server
- forklift-ova-proxy
- populator-controller
- vsphere-xcopy-volume-populator

Resolves: None
Signed-off-by: Elad Hazan <ehazan@redhat.com>
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 23, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mnecas mnecas Awaiting requested review from mnecas mnecas is a code owner

@yaacov yaacov Awaiting requested review from yaacov yaacov is a code owner

@solenoci solenoci Awaiting requested review from solenoci solenoci is a code owner

@mrnold mrnold Awaiting requested review from mrnold mrnold is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Hazanel @codecov-commenter