tools: run trivy vulnerability scanner on the 'latest' docker image #1980

Merged
merged 2 commits into from May 21, 2023

nodiscc
Member

@nodiscc nodiscc commented May 2, 2023

- run trivy from makefile so that it can be run both locally and through github actions
- usage: `make test_trivy TRIVY_TARGET_DOCKER_IMAGE=regist.ry/user/image:tag`
- tested by downgrading the base image to alpine 3.15.7 and verifying that vulnerabilities are reported (https://github.com/nodiscc/Shaarli/actions/runs/4860040980/jobs/8663400103)
- TEMP/TESTING only push image to ghcr.io, run trivy on trivy branch/docker tag as well as master
- ref. shaarli#1531
@nodiscc nodiscc added security tools developer tools docker containers & cloud labels May 2, 2023
@nodiscc nodiscc merged commit f64b466 into shaarli:master May 21, 2023
6 checks passed
@nodiscc nodiscc deleted the trivy branch May 21, 2023 18:29
nodiscc added a commit that referenced this pull request May 21, 2023
- fixes Error response from daemon: no such image: ghcr.io/***:trivy: No such image: ghcr.io/***:trivy
- introduced in #1980 but the test target branch/tag was never reverted to 'latest'
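
An added example, not the code merged in this pull request: a Makefile target of the kind the description refers to, callable as `make test_trivy TRIVY_TARGET_DOCKER_IMAGE=...` both locally and from a CI step. It assumes `trivy` and `docker` are on `PATH`; the default image reference and the `TRIVY_SEVERITY` variable are placeholders introduced for illustration.

```makefile
# Added illustration, not the Shaarli Makefile.
# The default image reference is a placeholder; override it on the command line:
#   make test_trivy TRIVY_TARGET_DOCKER_IMAGE=regist.ry/user/image:tag
TRIVY_TARGET_DOCKER_IMAGE ?= registry.example/user/image:latest

# Hypothetical knob: which severities make the target fail.
TRIVY_SEVERITY ?= HIGH,CRITICAL

.PHONY: test_trivy
test_trivy:
	@# Fail with a clear message if the scanner is not installed.
	@command -v trivy >/dev/null 2>&1 || { echo "trivy not found on PATH" >&2; exit 2; }
	@# Pull first so a wrong or stale tag fails here with "no such image"
	@# rather than in the middle of the scan step.
	docker pull $(TRIVY_TARGET_DOCKER_IMAGE)
	@# --exit-code 1 makes the target (and the CI job) fail when findings
	@# at the listed severities are reported; --ignore-unfixed skips
	@# vulnerabilities that have no fixed package version yet.
	trivy image \
		--exit-code 1 \
		--severity $(TRIVY_SEVERITY) \
		--ignore-unfixed \
		--no-progress \
		$(TRIVY_TARGET_DOCKER_IMAGE)
```

A quick way to confirm the gate works is the check described in the pull request: build the image on a deliberately outdated base and verify that the target exits non-zero.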