Automate Docker image vulnerability scanning #6078

@patchwork01

Description

User Story

As a developer of Sleeper, I want to know when any vulnerabilities are present in Sleeper's Docker images, so that I can resolve them quickly.

Description / Background

We'd like to automate scanning for security vulnerabilities in all the Docker images we build.

Technical Notes / Implementation Details

This includes:

  • Images defined in DockerDeployment, for ECS tasks and EKS bulk import
  • Images defined in LambdaJar, for deploying lambdas with Docker
  • Images for the Sleeper CLI

There are a lot of options for scanners:

https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html#rule-9-integrate-container-scanning-tools-into-your-cicd-pipeline

UPDATE:

Set this up in GitHub Actions with Trivy in PR #6110, but it found a number of problems. We can either suppress them for now and raise separate issues (e.g. #6108), or we can fix them now.
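For reference, the shape of a GitHub Actions workflow that does what this issue asks for: build each image in CI, scan it with Trivy, gate the PR on fixable HIGH/CRITICAL findings, and publish the full results to the repository's code-scanning view. This is an added example and is not the workflow from PR #6110 or any other Sleeper code; the image names, build contexts, trigger and action versions are placeholders chosen here, not values from the project.

```yaml
# Added example, not the project's own workflow. Image names and build
# contexts below are placeholders; replace them with the images built by
# DockerDeployment, LambdaJar and the CLI.
name: Docker image vulnerability scan

on:
  pull_request:
  schedule:
    # Rescan daily as well: new CVEs land in base images without any code change.
    - cron: "0 6 * * *"

permissions:
  contents: read
  security-events: write   # required to upload SARIF to the Security tab

jobs:
  scan:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false       # scan every image even if one of them fails the gate
      matrix:
        image:
          # Placeholder entries: one per image the repository builds.
          - { name: example-ecs-task, context: ./docker/example-ecs-task }
          - { name: example-lambda, context: ./docker/example-lambda }
    steps:
      - uses: actions/checkout@v4

      - name: Build the image locally (not pushed anywhere)
        run: docker build -t "${{ matrix.image.name }}:${{ github.sha }}" "${{ matrix.image.context }}"

      - name: Scan the built image with Trivy
        # Scan the image that would actually ship, not just the Dockerfile.
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: "${{ matrix.image.name }}:${{ github.sha }}"
          format: sarif
          output: trivy-${{ matrix.image.name }}.sarif
          severity: CRITICAL,HIGH
          ignore-unfixed: true   # do not fail the build on findings with no upstream fix yet
          exit-code: "1"         # fail the job when a fixable HIGH/CRITICAL finding remains

      - name: Upload results to GitHub code scanning
        if: always()             # still upload when the previous step failed the gate
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-${{ matrix.image.name }}.sarif
```

Two points worth keeping in mind when adopting something like this. First, the `exit-code`/`severity`/`ignore-unfixed` combination is the gate: everything else Trivy finds still goes to the Security tab via the SARIF upload, so lowering the gate does not hide results. Second, temporary suppressions of the kind discussed above (suppress now, track in a separate issue) belong in a `.trivyignore` file in the repository, one vulnerability ID per line with a `#` comment naming the tracking issue; Trivy reads it from the working directory, and the action's `trivyignores` input can point at a different path. Keep that file short and reviewed, since an entry in it silences the finding in every image scanned.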
