New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker Image Vulnerability Scanning #3396

Open

1 of 4 tasks

teor2345 opened this issue Feb 19, 2025 · 1 comment

Assignees

Labels

devops enhancement

Member

teor2345 commented Feb 19, 2025 •

edited

Loading

We want to scan Docker images for the following reasons:

avoid introducing new vulnerable dependencies (partially implemented by rustsec audit)
discover new vulnerabilities in existing dependencies, and fix them (partially implemented by rustsec audit)
detect new and existing vulnerabilities while building and releasing images
discover new vulnerabilities in already published images

PR #3387 implements some of these purposes, but we need to add more workflows to implement the rest.

teor2345 added devops enhancement labels

teor2345 mentioned this issue

Snyk vulnerability scan #3387

Merged

1 task

DaMandal0rian self-assigned this

Member Author

teor2345 commented Feb 20, 2025

Here’s where we got to in PR #3387:
#3387 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment