UNCLASSIFIED - NO CUI

Snippets Groups Projects

Currently supported Big Bang Version is 2.49

Attention Iron Bank Customers: On March 27, 2025, we are moving SBOM artifacts from the Anchore Scan job to the Build job to streamline the container hardening pipeline. If you currently download SBOMs from the Anchore Scan job, you can still get them from the Build job and from other sources, including IBFE and image attestations.

Neuvector 5.4.2 Broken With FIPS Host and Manager SSL Disabled

Big Bang disables SSL for the Neuvector manager by default, since the Neuvector web front-end is fronted by the Istio public ingress gateway.

Neuvector 5.4.2 tries to auto-detect a FIPS host and update the runtime crypto configs accordingly. If SSL is disabled, neuvector-manager fails to start on fips-enabled hosts.

There is a known, upstream issue here https://github.com/neuvector/neuvector/issues/1757

Until this is fixed, we can not upgrade to 5.4.2 .

Edited 1 month ago by Michael Martin

UNCLASSIFIED - NO CUI