fix: resolve CVE-2025-15558 and improve image scan workflow

EItanya · claude · EItanya · commit 5dc16f5485de · 2026-03-09T12:18:32.000Z
Bump go-containerregistry from v0.20.7 to v0.21.2 in skills-init Dockerfile to fix CVE-2025-15558 (docker/cli privilege escalation). Add fail-fast: false to image scan matrix and include golang-adk image. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Eitan Yarmush <eitan.yarmush@solo.io>
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
@@ -23,12 +23,14 @@ env:
 jobs:
   build:
     strategy:
+      fail-fast: false
       matrix:
         image:
           - controller
           - ui
           - app
           - skills-init
+          - golang-adk
     runs-on: ubuntu-latest
     services:
       registry:
diff --git a/docker/skills-init/Dockerfile b/docker/skills-init/Dockerfile
@@ -1,7 +1,7 @@
 ### Stage 0: build krane
 FROM golang:1.25-alpine AS krane-builder
 
-ENV KRANE_VERSION=v0.20.7
+ENV KRANE_VERSION=v0.21.2
 WORKDIR /build
 
 RUN apk add --no-cache git && \
