This repository has been archived by the owner on Nov 1, 2022. It is now read-only.

ci: Run CVE scanning for latest release and master build #3086

Merged
merged 3 commits into from
May 28, 2020

@stefanprodan (Member) commented May 28, 2020

This PR adds CVE scanning with trivy for Flux container images (latest release/pre-release).
The scan runs every day in GitHub Actions and should email the Flux CD team if CVEs are found.

@stefanprodan added the `build` label (About the build or test scaffolding) May 28, 2020

@squaremo (Member) left a comment

This is a great addition, thanks Stefan! 🍇

Would it make sense to run the CVE check in the release build, so it'll fail if there are problems? (we can always toggle that step for a particular release to force a release through)

@stefanprodan (Member, Author)

@squaremo the release workflow is still on CircleCI. I've added the CVE scan to the migration list here #2944
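
A sketch of the kind of workflow this thread discusses, added here as an example and not taken from the PR or the Flux repository: a daily trivy scan whose non-zero exit fails the job, with a manual toggle like the one suggested in review. The image references are placeholders, and the cron time, severity threshold and reliance on GitHub's failed-run notifications for the email are assumptions.

```yaml
# Added example: not the workflow file from this PR.
# Image references, cron time and severity threshold are assumptions.
name: cve-scan
on:
  schedule:
    - cron: "0 6 * * *"        # daily; the hour is an assumed value
  workflow_dispatch:
    inputs:
      enforce:
        description: "Set to 'false' to report findings without failing the job"
        required: false
        default: "true"
permissions:
  contents: read               # the scan only pulls images, no write scopes
jobs:
  trivy:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false         # scan every image even if one has findings
      matrix:
        image:
          - registry.example.com/flux:LATEST_RELEASE_TAG   # placeholder
          - registry.example.com/flux:MASTER_BUILD_TAG     # placeholder
    steps:
      - name: Scan image with trivy
        # Manual runs may relax the gate; scheduled runs always enforce it
        # because inputs are empty on schedule events.
        continue-on-error: ${{ github.event.inputs.enforce == 'false' }}
        env:
          IMAGE: ${{ matrix.image }}   # passed via env, not interpolated into the script
        run: |
          # Pin the scanner image by digest in real use; :latest keeps the example short.
          docker run --rm aquasec/trivy:latest image \
            --no-progress \
            --ignore-unfixed \
            --severity HIGH,CRITICAL \
            --exit-code 1 \
            "$IMAGE"
```

With `--exit-code 1`, any HIGH or CRITICAL finding that has a fix available marks the run as failed, and that failure is the signal a notification or a release gate can act on.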
