Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tools: run trivy vulnerability scanner on the 'latest' docker image #1980

Merged
merged 2 commits into from
May 21, 2023

Conversation

nodiscc
Copy link
Member

@nodiscc nodiscc commented May 2, 2023

- run trivy from makefile so that it can be run both locally and through github actions
- usage: make test_trivy TRIVY_TARGET_DOCKER_IMAGE=regist.ry/user/image:tag
- tested by downgrading the base image to alpine 3.15.7 and verifying that vulnerabilities are reported (https://github.com/nodiscc/Shaarli/actions/runs/4860040980/jobs/8663400103)
- TEMP/TESTING only push image to ghcr.io, run trivy on trivy branch/docker tag as well as master
- ref. shaarli#1531
@nodiscc nodiscc added security tools developer tools docker containers & cloud labels May 2, 2023
@nodiscc

This comment was marked as outdated.

@nodiscc nodiscc merged commit f64b466 into shaarli:master May 21, 2023
@nodiscc nodiscc deleted the trivy branch May 21, 2023 18:29
nodiscc added a commit that referenced this pull request May 21, 2023
- fixes Error response from daemon: no such image: ghcr.io/***:trivy: No such image: ghcr.io/***:trivy
- introduced in #1980 but the test target branch/tag was never reverted to 'latest'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
docker containers & cloud security tools developer tools
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant