Try out Trivy container scanner. #51

Merged
merged 2 commits into from
Jul 26, 2024

@tpendragon (Contributor) commented Jul 22, 2024

Refs pulibrary/princeton_ansible#5185

This PR does a few things:

  1. On every PR it runs a container security check, so we know if that PR might introduce or fix a problem. The output of that check is reported via a comment in the PR.
  2. Every morning the container security check runs - if it finds problems it creates an issue (like Container Vulnerability Scanner Failed #58)
  3. On merge to main the scanner runs - if it succeeds, it closes any related security PRs.
  4. Updated our base image for DPUL-Collections to resolve the alerts the scanner found.

@tpendragon force-pushed the container-vuln-scanner branch 6 times, most recently from 9b7ae3d to 3d97df7, July 22, 2024 17:57
@tpendragon marked this pull request as ready for review July 22, 2024 20:53
@tpendragon force-pushed the container-vuln-scanner branch 3 times, most recently from b407994 to 18944da, July 24, 2024 19:29
@tpendragon force-pushed the container-vuln-scanner branch 3 times, most recently from eff23fd to ad7f6f4, July 25, 2024 21:46
github-actions bot commented Jul 25, 2024

Container Scanning Status: ✅ Success


ghcr.io/pulibrary/dpul-collections:pr-51 (debian 12.6)
======================================================
Total: 0 (HIGH: 0, CRITICAL: 0)

@tpendragon force-pushed the container-vuln-scanner branch 6 times, most recently from d3534c6 to 68d501f, July 25, 2024 22:13
@tpendragon merged commit a62c8ff into main Jul 26, 2024
4 checks passed
@tpendragon deleted the container-vuln-scanner branch July 26, 2024 18:05
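
The three scanner behaviours in the PR description, and the summary line in the status comment, can be sketched as follows. This is an added example, not code from this PR or repository. It assumes the scan result is available in Trivy's JSON report format and that the three cases map to the GitHub Actions `pull_request`, `schedule` and `push` events; the function names, action labels and sample report are hypothetical.

```python
import json

SEVERITIES = ("HIGH", "CRITICAL")  # the severities shown in the PR's status comment

# Constructed sample in the shape of a Trivy JSON report (placeholder IDs and names).
SAMPLE_REPORT = json.loads("""
{"Results": [
  {"Target": "example-image:tag (debian 12.6)",
   "Vulnerabilities": [
     {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample", "Severity": "HIGH"},
     {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample", "Severity": "LOW"},
     {"VulnerabilityID": "CVE-0000-0003", "PkgName": "exampletool", "Severity": "CRITICAL"}]},
  {"Target": "constructed-second-target"}
]}
""")

def count_findings(report):
    """Count findings per reported severity.

    A target with no findings carries no "Vulnerabilities" key, and an empty
    report can have a null "Results", so both are treated as empty lists.
    """
    counts = {sev: 0 for sev in SEVERITIES}
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity") in counts:
                counts[vuln["Severity"]] += 1
    return counts

def summary_line(counts):
    """Render the 'Total: N (HIGH: x, CRITICAL: y)' line used in the comment."""
    parts = ", ".join(f"{sev}: {counts[sev]}" for sev in SEVERITIES)
    return f"Total: {sum(counts.values())} ({parts})"

def plan_action(event, ref, counts):
    """Map a workflow trigger plus scan result to a follow-up (labels are hypothetical)."""
    failed = sum(counts.values()) > 0
    if event == "pull_request":
        return "comment_on_pr"                      # always report, pass or fail
    if event == "schedule":
        return "open_issue" if failed else "none"   # daily run files an issue on failure
    if event == "push" and ref == "refs/heads/main":
        return "none" if failed else "close_related"  # clean scan on main closes alerts
    return "none"

if __name__ == "__main__":
    c = count_findings(SAMPLE_REPORT)
    print(summary_line(c), "->", plan_action("schedule", "refs/heads/main", c))
```
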