April 15th, 2024 Community Meeting #200

Closed
qu1queee opened this issue Apr 10, 2024 · 5 comments
Comments

@qu1queee
Contributor

  • Please add a topic in this thread and add a link to the GitHub issue associated with the topic.
  • Please make sure you give folks enough time to review/discuss the topic offline on GitHub before coming into the meeting.
  • (optional) Paste the image of an animal 😸
@qu1queee
Contributor Author

I would not be able to join on this day.

@SaschaSchwarze0
Member

Any update on /cherry-pick?

@adambkaplan
Member

Impact of SARIF on shipwright-io/build#1489

@adambkaplan
Member

Incoming blog post - build Quarkus apps with caching, based on https://youtu.be/6qgYK_ONH_I

@adambkaplan
Member

Minutes:

  • Cherry-pick: needs a member of the OpenShift organization to verify/update the repo configuration in github.com/openshift/release.
  • SARIF and SHIP-0033:
    • New standard, used by CodeQL and GitHub's scan feature. Trivy, Snyk, and other tools support SARIF outputs. We need time to digest and understand better (maybe bring in outside experts).
    • SHIP goes beyond running the scan. Desire to block build if CVE of certain severity is detected, ability to ignore a CVE (ex: known issue, impact is less severe in this codebase, etc.).
    • Worth looking into splitting sub-features out into individual PRs so basic functionality is available sooner.
    • Question: where should SARIF output go? Attach to container image using OCI references?
  • Demo of Quarkus + Shipwright: beyond blog post (issues to be filed)
    • New sample strategies
    • Improvements to documentation
    • Convention for build caches?

Projects
Status: Done
3 participants