Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable scans for vulnerabilities #139

Closed
DnPlas opened this issue Oct 7, 2024 · 1 comment · Fixed by #141
Closed

Enable scans for vulnerabilities #139

DnPlas opened this issue Oct 7, 2024 · 1 comment · Fixed by #141
Labels
enhancement New feature or request

Comments

@DnPlas
Copy link
Collaborator

DnPlas commented Oct 7, 2024

Context

It must be ensured that the rocks in this repository are scanned for security vulnerabilities as part of the vulnerability response. This effort means enabling vulnerability scans and automated reports for the rock.

What needs to get done

Ensure the rock repository is using the reusable workflow for oci-images proposed in canonical/charmed-kubeflow-workflows#69 for:

  1. On merge PRs
  2. On schedule runs (weekly)
  3. Workflow dispatch

Definition of Done

The reusable workflow is in place and runs on merge, schedule runs, and a workflow dispatch is enabled.
@DnPlas DnPlas added the enhancement New feature or request label Oct 7, 2024
@syncronize-issues-to-jira Syncronize issues to Jira
Copy link

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/KF-6404.

This message was autogenerated

DnPlas added a commit that referenced this issue Oct 15, 2024
@DnPlas
ci: enable scheduled trivy scanner and report vulnerabilities as GH i…
c1fbf0e 
…ssues

This workflow enables a scheduled scanner (that can also be run from a workflow dispatch) to
scan images using the trivy scanner. At the same time, enables the automatic creation/edition
of Github issues when a vulnerability is found.

Fixes #139
@DnPlas DnPlas mentioned this issue Oct 15, 2024
Merged
@DnPlas DnPlas closed this as completed in dc7283f Oct 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ci: enable scheduled trivy scanner and report vulnerabilities as GH issues canonical/kubeflow-rocks
1 participant
@DnPlas