Add security scan for the repository #650
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This does a security scan for hardcoded secrets and vulnerable software dependencies. This will hopefully help us prioritize dependency updates in such a way that we don't keep vulnerable dependencies for too long. Note that this should only be detecting `HIGH` and `CRITICAL` vulnerabilities as to not overwhelm the team with warnings. Signed-off-by: Juan Antonio Osorio <[email protected]>
kpacha
approved these changes
Jan 13, 2023
JAORMX
added a commit
to JAORMX/krakend-ce
that referenced
this pull request
Jan 17, 2023
This adds a step in the GitHub Actions CI to automatically build the krakend-ce and builder images and run a security scan on them. Similarly to the repository scans introduced in a previous PR [1], this uses Trivy [2] to run the scans, which allows us to add exceptions if vulnerabilities are not relevant to these images. [1] krakend#650 [2] https://aquasecurity.github.io/trivy/v0.35/ Signed-off-by: Juan Antonio Osorio <[email protected]>
JAORMX
added a commit
to JAORMX/krakend-ce
that referenced
this pull request
Jan 17, 2023
This adds a step in the GitHub Actions CI to automatically build the krakend-ce and builder images and run a security scan on them. Similarly to the repository scans introduced in a previous PR [1], this uses Trivy [2] to run the scans, which allows us to add exceptions if vulnerabilities are not relevant to these images. [1] krakend#650 [2] https://aquasecurity.github.io/trivy/v0.35/ Signed-off-by: Juan Antonio Osorio <[email protected]>
JAORMX
added a commit
to JAORMX/krakend-ce
that referenced
this pull request
Jan 17, 2023
This adds a step in the GitHub Actions CI to automatically build the krakend-ce and builder images and run a security scan on them. Similarly to the repository scans introduced in a previous PR [1], this uses Trivy [2] to run the scans, which allows us to add exceptions if vulnerabilities are not relevant to these images. [1] krakend#650 [2] https://aquasecurity.github.io/trivy/v0.35/ Signed-off-by: Juan Antonio Osorio <[email protected]>
JAORMX
added a commit
to JAORMX/krakend-ce
that referenced
this pull request
Jan 17, 2023
This adds a step in the GitHub Actions CI to automatically build the krakend-ce and builder images and run a security scan on them. Similarly to the repository scans introduced in a previous PR [1], this uses Trivy [2] to run the scans, which allows us to add exceptions if vulnerabilities are not relevant to these images. [1] krakend#650 [2] https://aquasecurity.github.io/trivy/v0.35/ Signed-off-by: Juan Antonio Osorio <[email protected]>
|
This pull request was marked as resolved a long time ago and now has been automatically locked as there has not been any recent activity after it. You can still open a new issue and reference this link. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This does a security scan for hardcoded secrets and vulnerable software
dependencies. This will hopefully help us prioritize dependency updates
in such a way that we don't keep vulnerable dependencies for too long.
Note that this should only be detecting
HIGHandCRITICALvulnerabilities as to not overwhelm the team with warnings.
Signed-off-by: Juan Antonio Osorio [email protected]