Sato 66

Dockerfile

@@ -39,6 +39,8 @@ RUN /opt/bitnami/scripts/airflow/postunpack.sh && \
     tar xfz /local/wheels/thrift-0.14.1.tar.gz -C /local/wheels && \
     pip install --no-index --no-deps /local/wheels/thrift-0.14.1/lib/py && \
     rm -rf /local/wheels/thrift-0.14.1* && \
+    # Remove Elasticsearch 7.5.1 due to high findings CVE-2020-7019 CVE-2020-7021 CVE-2020-7020 CVE-2020-7014 CVE-2020-7009
+    rm -rf /opt/bitnami/airflow/venv/lib/python3.8/site-packages/elasticsearch && rm -rf /opt/bitnami/airflow/venv/lib/python3.8/site-packages/elasticsearch-7.5* && \
     for f in $(ls -l /local/wheels | awk '{print $9}' |sed '/^$/d'); do pip install --no-index --no-deps /local/wheels/$f; done && \
     find /opt/bitnami/airflow/venv/lib/python3.8/site-packages -name "*.pem" -o -name "*.key" | egrep ".*test.*/.*\.pem|.*test.*/.*\.key" | xargs rm -f && \
     rm -rf /local/*

README.md

@@ -6,7 +6,8 @@ Project template for all Iron Bank container repositories.
 > Airflow is a platform to programmatically author, schedule and monitor workflows.
 
 https://airflow.apache.org/
-
+### Ironbank Hardened Image Notes:
+apache-airflow-providers-elasticsearch will not work on this image due to vulnerabilities with Elasticsearch 7.5.1 (Removed)
 # TL;DR
 
 ## Docker Compose

hardening_manifest.yaml

@@ -73,6 +73,11 @@ resources:
   validation:
     type: sha256
     value: 6ad9c7bdf517a808242b998ac20063c41532a570d088d77eec1ee12b0b5574bc
+- filename: astroid-2.5.1-py3-none-any.whl
+  url: https://files.pythonhosted.org/packages/f1/49/d51e5ce77ea234ee416966e489283512a9852f78d9ff125747eae29e7b69/astroid-2.5.1-py3-none-any.whl
+  validation:
+    type: sha256
+    value: 21d735aab248253531bb0f1e1e6d068f0ee23533e18ae8a6171ff892b98297cf
 
 # List of project maintainers
 maintainers: