Add trivy #35
Add trivy #35
Conversation
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
paulomach
requested review from
paulomach,
taurus-forever,
shayancanonical and
carlcsaposs-canonical
|
@paulomach is this PR relevant today (given that it's from 2023-11)? if so:
also, would it be possible rebase this PR so that trivy is added to the reusable workflows? |
I believe it is. The fact that it's old is about us missing it, instead of it not being important.
Ensuring the rock is up-to-date for CVE. Nowadays we are just rebuilding it on our need (e.g. outdated snap) and not when some of the content has vulnerability
The duty engineer. Trivy alers will be shown on repo's security report
That's not a bad idea, since all rocks would benefit. @zmraul want to venture on that? |
|
I believe other teams may be working on other solutions in parallel that are more aligned with other future plans and that we may be duplicating their efforts here |
|
Will talk Enrico the next week. AFAIK BigData uses Trivy.... and maybe we should add it to dpw. P.S. we need to retriger it at least:
|
…nto test/add-trivy
|
@paulomach should we also bump mysql in rock? https://github.com/canonical/charmed-mysql-rock/actions/runs/10424799108/job/28874336111 |
yep |
|
Trivy is not willing to fly :-( https://github.com/canonical/charmed-mysql-rock/actions/runs/10425483416/job/28876474051?pr=35 |
Test trivy action