4.5-beta6 images have multiple vulnerabilities according to quay.
Most of these should be fixed in OCP build, lets focus on OKD-specific bits first

FYI: RC shows even more vulnerable images. 63 in total vs 45 on beta6.
i was told the OKD and OCP images are the same, so this problem should be fixed once RedHat releases new images right?
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle stale
/remove-lifecycle stale
The CSO (Container Security Operator) still reports a lot of CVEs on 4.5.0-0.okd-2020-10-15-235428. OCP 4.5.15 on the other hand is fine.
For example check the cluster-node-tuning-operator (quay.io/openshift/okd-content@sha256:6b4bf0926816c18a607b5c57933c2d3a4af7d2a497a096b67c9fe892d2333be4)
https://quay.io/repository/openshift/okd-content/manifest/sha256:6b4bf0926816c18a607b5c57933c2d3a4af7d2a497a096b67c9fe892d2333be4?tab=vulnerabilities
Any news why that happens? If the content of the images is identically to OCP @vrutkovs it is strange that there are such differences.
The images mostly seem to be built of this image here:
registry.svc.ci.openshift.org/openshift/origin-v4.0:base
In former discussions I understood from @vrutkovs that the plan is to use UBI base images because they are built regularly. This should also fix the CVE problem.
What is the reason that ubi images are not used for OKD ?
Here is the discussion about what happened and how it will be resolved for OKD 4.6 (++):
https://kubernetes.slack.com/archives/C6BRQSH2S/p1604218274392100
It seems that the CVEs are still present in 4.6.0-0.okd-2020-12-12-135354. Did i miss something?
e.g. openshift-cluster-node-tuning-operator:
https://quay.io/repository/openshift/okd-content/manifest/sha256:5a66e66d72720bd6434ba69d1da6793dd7ac13ebb41e8abac29ae464358a200c?tab=vulnerabilities
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle rotten
/remove-lifecycle stale
/remove-lifecycle rotten
@slauger
Most helpful comment
/remove-lifecycle rotten