# contributing-to-airbyte
d
Just wondering if there's a security channel or anyone looking at the security side of Airbyte. I've done a scan of the public repo using the Snyk free tier (disclaimer: I do work for them) and it looks like there are some possible known open source vulns and some container config issues to be looked at. Possible code issues too, but those need exploring some more to see if they are false positives. Continued in thread...
Note this number is a lot higher than I normally see; there are a lot of container configs that it's scanned (it's actually still running).
Looking through some of them, there are a lot of lib and dep version issues; axios in the source-plaid package.json, for example, needs to get bumped 0.2 versions to sort out a ReDoS vulnerability.
The airbyte webapp Docker image looks like it's got some curl/libcurl issues too, particularly CVE-2021-22946 in nginx:1.19-alpine (fixed in nginx:1.20.1-alpine).
u
Thanks @developersteve. After you finish the analysis, is it possible to generate a full report?
d
I just use the free tier for demos and public repo scans, so I don't have access to reporting. I'd screenshot it, but it's literally 521 lines long (also 1000 high-level items). Best bet would be to set up an account, or I can give someone access to this one (although I do have 1385 projects being monitored in mine).
c
Thanks. We will check it out! We appreciate it.
We certainly appreciate contributions to help address any of these as well.
d
Actually, I would love to chat about an upcoming campaign we have coming up in Feb, if you wanted to be part of it. We are looking for open source projects/groups to be featured in it.
c
Oh. That would be great. Would love to talk more about it. I'll DM you to set something up.