Functions image release process
Bala G edited this page Sep 25, 2021
·
1 revision
Functions images built using the dockerfiles in this repo are refreshed as part of every new functions runtime release. This happens roughly twice a month. During this refresh, the latest updates from the different base images that the functions images depend on are also re-pulled and included in the images automatically. Additionally any appservice image built from this repo, will automatically get deployed to the functions platform at that time as well.
Security updates
Qualys scan is used to track vulnerabilities in functions images. The mitigation steps depend on the component the vulnerability is reported in.
- For vulnerabilities reported in the functions binaries including functions runtime, language workers, patches will be built and deployed as part of the next functions runtime release. Functions team will own this process end-end.
- For vulnerabilities reported in external dependencies included as part of the functions images Ex: Debian OS, utilities, language runtimes, we rely on the respective component owners to release a patch. Once a patch is made available, new functions images incorporating those changes will be made available within 2 weeks. For faster turnaround in refreshing the images from the date of release of a patch, instructions are available here to build and deploy these images on demand
Note: Vulnerabilities with no patches are not actionable unless the responsible component is owned by the Functions team.