At our client we recently did a Twistlock scan of the following ODH images:
All of them failed with critical vulnerabilities. In order to use these
images they cannot have critical or severe vulnerabilities, or we must get
a security exception and assume the risk. For the time being our usage of
the images is blocked. I have put in a request for an exemption, but not
sure if that will be successful, and in general these look like solvable
issues via package upgrades. For most of them it's just PyYaml and numpy,
so I think changing the versions could solve it. However, spark has a ton
of criticals, mostly related to jackson-core. I know that's something
that's a general issue with spark so probably no solution there for the
In the meantime I can make my own modifications to try to handle the PyYaml
and numpy vulnerabilities, but I also don't have access to Twistlock so I
have to take a shot in the dark at solving them, put in the request, and
wait for a couple of days just to see if it fails again.
I've attached the reports here.
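Since the reporter cannot re-run Twistlock locally, one way to avoid a blind resubmission is to check the image's installed Python packages against the minimum versions the scanner report asks for before rebuilding. The script below is an added example (not code from the issue author or from the ODH project): it parses `pip freeze`-style output and flags packages below a minimum. The sample package list is constructed, and the minimum versions for PyYAML and numpy are placeholders to be replaced with the fixed versions named in the actual Twistlock report.

```python
"""Compare a pip-freeze style package list against minimum versions.

Added example, not part of the original issue. The minimum versions below are
placeholders (assumptions), not values taken from the Twistlock reports.
"""
import re

# Constructed sample of `pip freeze` output from an image (not real scan data).
SAMPLE_FREEZE = """\
numpy==1.16.4
PyYAML==5.1
pandas==0.25.3
six==1.15.0
"""

# Placeholder minimum versions; replace with the fixed versions your
# scanner's report lists (assumption, not taken from the page).
MIN_VERSIONS = {
    "pyyaml": "5.4",
    "numpy": "1.22.0",
}


def parse_version(text):
    """Turn '1.16.4' into (1, 16, 4); a non-numeric tail such as 'rc1' is ignored."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def parse_freeze(text):
    """Map normalized package names (lowercase, '-' for '_') to installed versions."""
    pkgs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        pkgs[name.strip().lower().replace("_", "-")] = version.strip()
    return pkgs


def find_outdated(freeze_text, minimums=MIN_VERSIONS):
    """Return {name: (installed, required)} for packages below the minimum.

    Packages that are not installed at all are skipped: the check is about
    what is present in the image, not about what is missing.
    """
    installed = parse_freeze(freeze_text)
    outdated = {}
    for name, required in minimums.items():
        current = installed.get(name)
        if current is None:
            continue
        if parse_version(current) < parse_version(required):
            outdated[name] = (current, required)
    return outdated


if __name__ == "__main__":
    # Run against the constructed sample; in practice feed it
    # `docker run --rm <image> pip freeze` output instead.
    for name, (cur, req) in find_outdated(SAMPLE_FREEZE).items():
        print(f"{name}: installed {cur}, needs >= {req}")
```

The check only covers Python packages pinned with `==`; Java dependencies such as the jackson-core jars in the Spark image would need a separate inventory of the bundled jar versions.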