Hi:
We are using Confluent for Kubernetes in an internal project; however, the confluent-init-container:7.4.1 image that gets used in the Kafka, ZooKeeper, etc. pods has failed image security scanning.
The failure was due to the Go stdlib that was compiled into the filewatcher binary in the image.
- The vulnerability had to do with the Go compilation process, which should not be relevant here as filewatcher is just an executable file.
- Vulnerability in interacting with JS files, which I suspect may also not be relevant here as I don't believe Kafka, ZooKeeper, or the KRaft controller should have much to do with JS files.
So, my question is: are my observations correct? Also, can anyone please provide some insight into the purpose of filewatcher in the confluent-init-container? Well, as the image name suggests, it is just a short-lived init container.
Thanks so much for your help, as we are in the process of requesting an exemption for the image!
Best Regards,
~Tim