Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Done
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

DevProd Build
Backwards Compatibility:
Fully Compatible
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

The number of dependencies pulled in by mongo-container frequently trigger security vulnerability scanners. To reduce our exposure, we may be able to leverage the "install_weak_deps" dnf option to avoid having to pull in python as a transitive dependency, ex:

microdnf install <pkgs> --setopt=install_weak_deps=0

See https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/scripts/dev/templates/agent/Dockerfile.ubi#L6 for an example

The references here would need to be updated: https://github.com/10gen/mongo-container/blob/master/7.0/ubi8/Dockerfile.base.j2#L18

is depended on by

SERVER-80835 Investigate unnecessary docker image package dependencies

Backlog

Assignee:: Zack Winter
Reporter:: Zack Winter
Participants:: Zack Winter
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Jan 10 2024 01:22:04 AM UTC
Updated:: Jun 15 2024 04:09:24 AM UTC
Resolved:: Jun 04 2024 12:39:26 AM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates