BOSH Stemcells and vulnerability scanning


Jonathan Stockley
 

Hi, before deploying/upgrading a stemcell in production our security group runs vulnerability scans on our staging deployments.
The problem is that by the time we get the stemcell into staging (about 4-6 weeks), they have updated the vulnerability database and then their scans find new issues.

How often are people upgrading stemcells in production?
How do you handle vulnerability scanning of BOSH deployed apps?
How about run.pivotal.io? How do they address this?

Thanks,
Jo


James Bayer
 

pivotal deploys updated stemcells regularly to PWS. high and critical CVEs
have a 48hr goal. we catch up on lows and mediums generally approximately
once per month.

On Wed, Mar 1, 2017 at 5:48 PM, Jonathan Stockley <jstockle(a)opentext.com>
wrote:


--
Thank you,

James Bayer


Daniel Jones
 

Just to chip in, we've helped folks consume updates for their CF
deployments that averaged out at a new *thing* (stemcell, release) every 4
days. Having your entire platform pipelined with something like Concourse
makes a massive difference - if you're not used to this pace of change and
are trying to do things manually, you'll never keep up. It shouldn't take
more than hours to get a new stemcell tested and into production.

Regards,
Daniel Jones - CTO
+44 (0)79 8000 9153
@DanielJonesEB <https://twitter.com/DanielJonesEB>
*EngineerBetter* Ltd <http://www.engineerbetter.com> - UK Cloud Foundry
Specialists

On 2 March 2017 at 06:02, James Bayer <jbayer(a)pivotal.io> wrote:
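As an added illustration of the pipelining Daniel recommends (this is example configuration, not EngineerBetter's or Pivotal's own), the Concourse pipeline below watches bosh.io for each new stemcell version, runs a scan task against the tarball, and only then deploys it to staging. It uses Concourse's bosh-io-stemcell and bosh-deployment resource types; the stemcell name, manifest repository, director credentials and the scanner command are assumed placeholders.

```yaml
# Added example: every new stemcell version triggers scan -> staging deploy.
# Stemcell name, manifest repo, director details and scanner are placeholders.
resources:
- name: stemcell
  type: bosh-io-stemcell            # polls bosh.io for new versions
  source:
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
- name: cf-manifest
  type: git
  source:
    uri: https://example.invalid/ops/cf-manifest.git   # placeholder repo
- name: staging-cf
  type: bosh-deployment
  source:
    target: ((staging_director_url))          # secrets come from the
    client: ((staging_bosh_client))           # credential manager, not
    client_secret: ((staging_bosh_client_secret))  # from this file
    ca_cert: ((staging_director_ca_cert))
    deployment: cf

jobs:
- name: scan-and-deploy-staging
  plan:
  - get: stemcell
    trigger: true                   # each new version starts a run
  - get: cf-manifest
  - task: scan-stemcell
    config:
      platform: linux
      image_resource:
        type: docker-image
        source: {repository: ubuntu}   # base image for the scanner task
      inputs:
      - name: stemcell
      run:
        path: sh
        args:
        - -ec
        - |
          echo "scanning stemcell version $(cat stemcell/version)"
          # Placeholder: run your scanner against the tarball here.
          # A non-zero exit fails the job and stops the deploy step.
          ./your-scanner stemcell/stemcell.tgz
  - put: staging-cf                 # only reached if the scan passed
    params:
      manifest: cf-manifest/cf.yml
      stemcells:
      - stemcell/*.tgz
```

A production job would follow the same shape, gated on the staging job having passed, so the scan is always run against the exact stemcell version about to be deployed rather than one that is weeks old.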