Sre 2505 trivy #61
Merged
Sre 2505 trivy #61
Commits on Sep 26, 2024
-
Limit scope of changes that are monitored by Trivy scan
Do not start Trivy scan if changes not related to dependencies. Run Trivy on daily bases. Add badge to follow cycle Trivy scans Enable scans on request Doc-only: true Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
Commits on Oct 9, 2024
-
Doc-only: true Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
Commits on Oct 10, 2024
-
fix: restore unnecessary cache backend
Doc-only: true Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
Commits on Oct 15, 2024
-
Merge remote-tracking branch 'origin/master' into grom72/SRE-2505-trivy
Doc-only: true Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
Commits on Oct 21, 2024
-
Fix: addjust monitored files list.
https://aquasecurity.github.io/trivy/v0.56/docs/coverage/language/#supported-languages provides the full list of scanned file in the 'filesystem' scan. Keep the same condition for PR and merge trigger. Doc-only: true Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
-
Doc-only: true Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
Commits on Oct 22, 2024
-
Fix: simplify triggering rules
Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
Commits on Oct 24, 2024
-
SRE-2505 ci: Fix Trivy scan upload to the Security tab
Doc-only: true Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
Commits on Oct 28, 2024
-
DAOS-16175 container: fix a case for cont_iv_hdl_fetch (daos-stack#15395
) In reintegrate case, ever hit case that the IC_CONT_CAPA cache is valid locally but cont open handle invalid (not in dt_cont_hdl_hash). For this case invalidate local IV cache first and retry again, to avoid in-flight UPDATE's failure because obj_ioc_init() -> ds_cont_find_hdl() -> cont_iv_hdl_fetch() failure - DBUG src/engine/server_iv.c:409 ivc_on_fetch() FETCH: Key [1:7] entry 0x7fb31063b550 valid yes DBUG src/engine/server_iv.c:1042 iv_op_internal() class_id 7 opc 1 rc 0 ERR src/object/srv_obj.c:2174 obj_ioc_begin_lite() Failed to initialize object I/O context.: DER_NO_HDL(-1002): 'Invalid handle' Signed-off-by: Xuezhao Liu <[email protected]>
-
SRE-2505 ci: Trivy scans tuning
- Use GHA cache to avoid Trivy scan failure Trivy CVEs database downloads fails often. The most promissing solution is to use cache and download the database once a day. CVEs database is cached during daily build (`schedule`). Cache is not used if `master` branch cache is not available. https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#updating-caches-in-the-default-branch - Avoid Trivy scanners re-initialization https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#skipping-setup-when-calling-trivy-action-multiple-times The latest available version of `aquasecurity/trivy-action` is used to be able to use `skip-setup-trivy` parameter. Doc-only: true Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
-
Merge remote-tracking branch 'origin/master' into grom72/SRE-2505-trivy
Doc-only: true Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
-
SRE-2505 ci: Trivy scans optimization
- Use GHA cache to avoid Trivy scan failure Trivy CVEs database downloads fails often. The most promissing solution is to use cache and download the database once a day. CVEs database is cached during daily build (`schedule`). Cache is not used if `master` branch cache is not available. https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#updating-caches-in-the-default-branch - Avoid Trivy scanners re-initialization https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#skipping-setup-when-calling-trivy-action-multiple-times The latest available version of `aquasecurity/trivy-action` is used to be able to use `skip-setup-trivy` parameter. Doc-only: true Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
Commits on Oct 29, 2024
-
common: update workflow documentation
Doc-only: true Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
Commits on Oct 30, 2024
-
Make the solution more reliable and more simple
Use external caching mechanism to ensure PR scan not failing. Signed-off-by: Tomasz Gromadzki <[email protected]> Signed-off-by: Tomasz Gromadzki <[email protected]>
-
Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
-
Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
-
Required-githooks: true Signed-off-by: Tomasz Gromadzki <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.