Coder Social home page Coder Social logo

Comments (5)

atom-box avatar atom-box commented on August 29, 2024

It would be great if we added the following. This is a saved reply we have sent before from the Support email team:

Please note that the Matomo docker images do not form part of our automated security assessments and vulnerability scans. We only do this for the Matomo codebase itself.​​​​

If you need to fix this in order to deploy the container to your network, then there are a few options available to you:

  • Build your own docker image to be used for your Matomo deployment. For our security-focused users, this is going to be the best method available as it ensures you have complete and full control of all dependencies and packages installed in the container itself or
  • Update the vulnerable packages in the docker image and save the patched image as your base image for deployment. This is likely the easiest solution if you don't want to go through the process of building your own docker image from scratch. The process of updating packages and committing the changes to the base image is out of the scope of our support, but there are several guides online that you can use to make the necessary changes to your docker image.​​​

from docker.

ezekieldas avatar ezekieldas commented on August 29, 2024

Ugh. Given the mishaps in getting the container up for a quick assessment/demo + this issue informing me of "complete and full control of all dependencies and packages..." leads to my confidence in this project quickly waning.

We expect project owners to not only offer containers, but also ensure integrity with their container offerings. My team is focused on delivering results rather than goose chase finger traps. No container or neglected container is so last century.

We may revisit sometime next year.

from docker.

michalkleiner avatar michalkleiner commented on August 29, 2024

@ezekieldas thank you for your feedback. We will pass it onto the product team.

In the meantime, you can browse the free demo on https://demo.matomo.cloud/ or quickly establish a free trial with all the premium features via https://matomo.org and https://matomo.org/lets-get-started/.

from docker.

J0WI avatar J0WI commented on August 29, 2024

See also https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves

from docker.

atom-box avatar atom-box commented on August 29, 2024

We had another user today report that they use this matomo docker image "as is", without customizing it.

from docker.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.