chore: Ignore "CIS-DI-0006" container scan best practice check
CIS-DI-0006 is raised because the resulting image has no HEALTHCHECK instruction.

HEALTHCHECK is not part of the OCI spec, but is very Docker-specific.
And, as commented in [1], Jib has no intention to support it,
unless the core OCI spec supports it.

Plus, Kubernetes makes use of its own Startup / Liveness / Readiness
probes for health checks.

[1] GoogleContainerTools/jib#676 (comment)
rm3l committed Jun 14, 2021
1 parent a8b5beb commit 645f8d0
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions .github/containerscan/allowedlist.yaml
@@ -0,0 +1,9 @@
general:
vulnerabilities: []
bestPracticeViolations:
# CIS-DI-0006 : "not found HEALTHCHECK statement"
# HEALTHCHECK is not part of the OCI spec, but Docker-specific.
# And Jib has no intention to support it, unless the core OCI spec supports it.
# https://github.com/GoogleContainerTools/jib/issues/676#issuecomment-442533758
# Plus, Kubernetes makes use of its own Startup / Liveness / Readiness probes for health checks.
- CIS-DI-0006
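
Review bot: the `- CIS-DI-0006` entry sits under `general:`, so the check is ignored for every image scanned with this allowedlist, while the rationale in the comment block only covers Jib-built images that run on Kubernetes. Consider stating that scope in the comment, for example that the exception should be revisited if an image is ever built from a Dockerfile or run outside Kubernetes. It would also help to note that the deployments are expected to define their own Startup / Liveness / Readiness probes, since with this check ignored those probes are the only health signal left.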
