ci: fail container scans on vulnerability scan results #31092

Merged
merged 1 commit into from Mar 4, 2024

ferozsalam
Contributor

Now that we have a method of marking false positives using VEX documents, we can make the container scanning workflow a failing step.

Also reduce the permission of the workflow.

@ferozsalam ferozsalam added kind/enhancement This would improve or streamline existing functionality. area/CI Continuous Integration testing issue or flake labels Mar 1, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 1, 2024
@ferozsalam ferozsalam added the release-note/ci This PR makes changes to the CI. label Mar 1, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 1, 2024
@ferozsalam ferozsalam force-pushed the pr/feroz/fail-on-container-scanning-results branch from 78651d5 to 5d77f0f Compare March 4, 2024 15:59
Now that we have a method of marking false positives using VEX documents, we can
make the container scanning workflow a failing step.

Also reduce the permission of the workflow.

Signed-off-by: Feroz Salam <feroz.salam@isovalent.com>
@ferozsalam ferozsalam force-pushed the pr/feroz/fail-on-container-scanning-results branch from 5d77f0f to 460f6bc Compare March 4, 2024 16:00
@ferozsalam ferozsalam marked this pull request as ready for review March 4, 2024 16:30
@ferozsalam ferozsalam requested review from a team as code owners March 4, 2024 16:30
@aanm
Member

aanm commented Mar 4, 2024

/test

@aanm aanm enabled auto-merge March 4, 2024 19:24
@aanm aanm added this pull request to the merge queue Mar 4, 2024
Merged via the queue into main with commit 9a5cfb8 Mar 4, 2024
78 of 83 checks passed
@aanm aanm deleted the pr/feroz/fail-on-container-scanning-results branch March 4, 2024 19:31