Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs(devcontainer): add trivy and its VSCode Extension #2650

Open
petermetz opened this issue Aug 31, 2023 · 0 comments
Open

docs(devcontainer): add trivy and its VSCode Extension #2650

petermetz opened this issue Aug 31, 2023 · 0 comments
Assignees
@petermetz
Labels
Developer_Experience documentation Improvements or additions to documentation good-first-issue Good for newcomers good-first-issue-100-introductory P3 Priority 3: Medium Security Related to existing or potential security vulnerabilities
Milestone
v2.1.0

Comments

@petermetz
Copy link
Member

Description

As a contributor I want to have a way to conveniently run a trivy security scan on my branches locally so that I'm getting much faster feedback about checks that will fail on the CI (we ran trivy checks for container scanning)

https://github.com/aquasecurity/trivy-vscode-extension

Acceptance Criteria

  1. The dev container image is updated so that it ships with the trivy binary
  2. The dev container configuration file is updated so that the VSCode extension is part of the recommended extensions: https://marketplace.visualstudio.com/items?itemName=AquaSecurityOfficial.trivy-vulnerability-scanner ( AquaSecurityOfficial.trivy-vulnerability-scanner)
  3. The .vscode/extensions.json file is also updated so that the scanner is part of the extensions there as well
@petermetz petermetz added this to the v2.1.0 milestone Aug 31, 2023
@petermetz petermetz self-assigned this Aug 31, 2023
@petermetz petermetz added documentation Improvements or additions to documentation Developer_Experience Security Related to existing or potential security vulnerabilities labels Aug 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@petermetz petermetz

Labels
Developer_Experience documentation Improvements or additions to documentation good-first-issue Good for newcomers good-first-issue-100-introductory P3 Priority 3: Medium Security Related to existing or potential security vulnerabilities
Projects
Cacti_Scrum_Project_v2.1.0_Release
Status: Todo
Milestone
v2.1.0
Development

No branches or pull requests
1 participant
@petermetz