The cloud-native orchestrator for the whole development lifecycle, with integrated lineage and observability.

dagster

Hi All, has anyone tried to update the daggers container images as it's full of vulnerabilities based on AWS ECR scanning.

Hello - I suspect those vulnerabilities are all from the official Python docker base image: <https://hub.docker.com/_/python>

The High severity one listed there would normally be cause for alarm, but it appears to be present in every Debian distro and the Debian maintainers have marked it as not actually exploitable: <https://security-tracker.debian.org/tracker/CVE-2019-8457>

We can help with instructions for building the image on a different base image if there's one that you'd prefer, it should be pretty quick to do so as the image is basically just a couple of pip install commands