Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable scans for vulnerabilities #55

Closed
DnPlas opened this issue Oct 7, 2024 · 1 comment · Fixed by #57
Closed

Enable scans for vulnerabilities #55

DnPlas opened this issue Oct 7, 2024 · 1 comment · Fixed by #57
Labels
enhancement New feature or request

Comments

@DnPlas
Copy link
Contributor

DnPlas commented Oct 7, 2024

Context

It must be ensured that the rocks in this repository are scanned for security vulnerabilities as part of the vulnerability response. This effort means enabling vulnerability scans and automated reports for the rock.

What needs to get done

Ensure the rock repository is using the reusable workflow for oci-images proposed in canonical/charmed-kubeflow-workflows#69 for:

  1. On merge PRs
  2. On schedule runs (weekly)
  3. Workflow dispatch

Definition of Done

The reusable workflow is in place and runs on merge, schedule runs, and a workflow dispatch is enabled.

@DnPlas DnPlas added the enhancement New feature or request label Oct 7, 2024
Copy link

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/KF-6405.

This message was autogenerated

DnPlas added a commit that referenced this issue Oct 15, 2024
…ssues

This workflow enables a scheduled scanner (that can also be run from a workflow dispatch) to
scan images using the trivy scanner. At the same time, enables the automatic creation/edition
of Github issues when a vulnerability is found.

Fixes #55
DnPlas added a commit that referenced this issue Oct 16, 2024
#57)

* ci: enable scheduled trivy scanner and report vulnerabilities as GH issues

This workflow enables a scheduled scanner (that can also be run from a workflow dispatch) to
scan images using the trivy scanner. At the same time, enables the automatic creation/edition
of Github issues when a vulnerability is found.

Fixes #55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant