What is the purpose of filewatcher in confluent-init-container image?

Clustersolutions · 26 July 2023 02:09

Hi:

We are using Confluent for Kubernetes in an internal project; however, the confluent-init-container:7.4.1 image that gets used in Kafka and zookeeper and etc. pod had failed image security scanning.

The failure reason was due to the go stdlib that was compiled in the filewatcher binary in the image.

The vulnerability had to do with the go compilation process, which should not be relevant here as filewatcher is just an executable file.
Vulnerability in interacting with JS files, which I suspect may also not be relevant here as I don’t believe Kafka, zookeeper, or Kraft controller should have much to do with JS file.

So, my question is are my observations correct? And, also, can anyone please provide some insights into the purpose of filewatch in the confluent-init-container? Well, as the image name suggested, it is just a short live init container.

Thanks so much for your help as we are in the process of requesting for exemption for the image!

Best Regards,

~Tim

Srivanupamk · 24 August 2023 06:18

I am also using cp-kafka: latest images and while scanning using the vulnerability scan tool we are getting a critical vulnerability with certifi package. Does any one has any input on this or pointer to an image that has fixed this .

Thanks
An

Topic		Replies	Views
How to mount volumes for Kafka docker images Containers	4	6381	10 April 2021
Cp-kafka installation on kubernetes Containers	4	3598	3 February 2022
Is the kafka-connect docker image confluentinc/cp-kafka-connect-base:5.5.0 affected by the log4j vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228? Kafka Connect	2	2896	14 December 2021
Dockerize Kafka Streams Kafka Streams	2	3167	12 July 2021
Local Confluent stack - failing Ops	10	5269	14 June 2021

What is the purpose of filewatcher in confluent-init-container image?

Related Topics