-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Docs]: docs should more clearly describe the cve scanning feature and how to enable it #138
Comments
Some clarifications in general:
Not sure how much of this needs to get into the end-user documentation |
Thanks for all the details @andaaron - I think most of this should be in the docs, although number 3 can probably be summarized a bit. If we got all this info into the docs, it'd resolve all my questions in this issue. in particulara the details in 5 and 6 are very relevant for someone wanting to deploy this, so they can size things. maybe point 7 can be left out, but even that might be useful. and if there isn't an easy way to tell which version of the trivy go library was used in a given zot build, we should consider adding that IMO. |
zot version
v1.4.3
Describe the bug
looking for details about how to config and use the cve scanning feature, I only see references to the zli command and the search extension at https://zotregistry.io/v1.4.3/admin-guide/admin-configuration/?h=cve#enhanced-searching-and-querying-images
We should have a separate section for this, and clearly explain what it scans and when, how to enable it, and what tools it uses under the hood.
also, does it require the search extension?
I assume it scans each tag by extracting it then scanning the resulting rootfs, probably on push, but I think we should be explicit in the docs.
To reproduce
n/a
Expected behavior
No response
Screenshots
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: