verify-app-scanning-supply-chain.hbs.md

Verify scanning with Supply Chain integration

This topic tells you how to verify scanning with Supply Chains.

Create a workload

Create a sample workload with a pre-built image by using the tanzu apps workload create command:

tanzu apps workload create WORKLOAD-NAME \
  --app APP-NAME \
  --git-repo GIT-REPO \
  --git-branch GIT-BRANCH \
  --type TYPE \
  --namespace DEV-NAMESPACE

Where:

  • WORKLOAD-NAME is the name you choose for your workload.
  • APP-NAME is the name of your app.
  • GIT-REPO is the Git repository from which the workload is created.
  • GIT-BRANCH is the branch of the Git repository from which the workload is created.
  • TYPE is the type of your app.
  • DEV-NAMESPACE is the name of the developer namespace where scanning occurs.

Note: For information about how to create a workload by using the Tanzu CLI, see Create a Workload.

Retrieve scan results

Scan results are uploaded to the container image registry as an imgpkg bundle. To retrieve a vulnerability report:

  1. Retrieve the result location from the status of the ImageVulnerabilityScan custom resource (CR):

    SCAN_RESULT_URL=$(kubectl get imagevulnerabilityscan my-scan -n DEV-NAMESPACE -o jsonpath='{.status.scanResult}')
  2. Download the bundle to a local directory and list the content:

    imgpkg pull -b $SCAN_RESULT_URL -o scan-results/
    ls scan-results/
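The two retrieval steps above as one script, added here as an example and not part of the original topic: it polls the CR until status.scanResult is populated (the field is empty while the scan is still running, so an immediate imgpkg pull would receive an empty bundle reference), then pulls and lists the bundle. It assumes kubectl and imgpkg are on PATH, that the current kubeconfig can read the developer namespace, and that the scan name, namespace and output directory are the values you pass in.

```shell
#!/usr/bin/env sh
# Added example (not from the original topic): wait for an ImageVulnerabilityScan
# to publish its result bundle reference, then pull and list the bundle.
# Assumes kubectl and imgpkg are on PATH and the kubeconfig can read the namespace.

# Print the bundle reference from status.scanResult, or nothing if not yet set.
scan_result_ref() {
  scan="$1"; ns="$2"
  kubectl get imagevulnerabilityscan "$scan" -n "$ns" \
    -o jsonpath='{.status.scanResult}' 2>/dev/null
}

# Poll until status.scanResult is populated. While the scan is still running the
# field is empty, and `imgpkg pull -b ""` would fail, so wait instead of racing it.
# Arguments: scan name, namespace, max attempts (default 30), seconds between (default 10).
wait_for_scan_result() {
  scan="$1"; ns="$2"; attempts="${3:-30}"; interval="${4:-10}"
  i=0
  while [ "$i" -lt "$attempts" ]; do
    ref=$(scan_result_ref "$scan" "$ns")
    if [ -n "$ref" ]; then
      printf '%s\n' "$ref"
      return 0
    fi
    i=$((i + 1))
    sleep "$interval"
  done
  echo "scan $ns/$scan has no status.scanResult after $attempts attempts" >&2
  return 1
}

# Pull the result bundle into out_dir and list its contents; non-zero on failure.
# Arguments: scan name, namespace, output dir (default scan-results), attempts, interval.
fetch_scan_results() {
  scan="$1"; ns="$2"; out_dir="${3:-scan-results}"
  ref=$(wait_for_scan_result "$scan" "$ns" "${4:-30}" "${5:-10}") || return 1
  imgpkg pull -b "$ref" -o "$out_dir" || return 1
  ls "$out_dir"
}

# Usage (replace DEV-NAMESPACE with your developer namespace):
#   fetch_scan_results my-scan DEV-NAMESPACE scan-results/
```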