Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: configure trivy scans #83

Merged
merged 1 commit into from
Nov 15, 2023
Merged

ci: configure trivy scans #83

merged 1 commit into from
Nov 15, 2023

Conversation

scherersebastian
Copy link
Member

Description

eclipse-tractusx/sig-security#25

Setup trivy scans.
You don't need the trivy config scan - kics does this job.
I configured for you the trivy container scans for your frontend and backend.
In future, please add the latest tag to your published images and configure the latest tag in the trivy workflow config.

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 13, 2023
View reviewed changes
.github/workflows/trivy.yml Dismissed Show dismissed Hide dismissed
.github/workflows/trivy.yml Dismissed Show dismissed Hide dismissed
.github/workflows/trivy.yml Dismissed Show dismissed Hide dismissed
@scherersebastian scherersebastian mentioned this pull request Nov 13, 2023
Closed
5 tasks
mhellmeier
mhellmeier reviewed Nov 14, 2023
View reviewed changes
Copy link
Member

@mhellmeier mhellmeier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good so far. The KICS messages could be addressed by changing the version of the images with the commit hash.

@scherersebastian
Copy link
Member Author

@mhellmeier you are correct.
I already resolved the conflicts as "false positives", because the used actions are published by GitHub and Aquasec which are "reputable" sources.
If you want to have the hash instead, please go for it - it's your code :) (~not meant disrespectfully)

@tom-rm-meyer-ISST tom-rm-meyer-ISST mentioned this pull request Nov 15, 2023
Closed
@tom-rm-meyer-ISST
Copy link
Contributor

Added issue #86 to resolve KICS and handling the latest tag for Docker Hub.

tom-rm-meyer-ISST
tom-rm-meyer-ISST approved these changes Nov 15, 2023
View reviewed changes
Copy link
Contributor

@tom-rm-meyer-ISST tom-rm-meyer-ISST left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @scherersebastian! Solves eclipse-tractusx/sig-security#25

@tom-rm-meyer-ISST tom-rm-meyer-ISST merged commit 3c34ecd into main Nov 15, 2023
8 checks passed
@tom-rm-meyer-ISST tom-rm-meyer-ISST deleted the ci/setup-trivy-scans branch November 15, 2023 08:51
@tom-rm-meyer-ISST tom-rm-meyer-ISST mentioned this pull request Nov 17, 2023
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mhellmeier mhellmeier mhellmeier left review comments

@tom-rm-meyer-ISST tom-rm-meyer-ISST tom-rm-meyer-ISST approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@scherersebastian @tom-rm-meyer-ISST @mhellmeier