replace twistlock scanning with trivy #1440

Merged: 1 commit, Nov 6, 2024

@ap00rv ap00rv commented Oct 23, 2024

Background

This PR is being created to enable trivy scanning for this repository by replacing the existing cve_scan and run_maven_cve_scan semaphore configurations with trivy_scan.
This is part of a larger effort to improve the third-party vulnerability (CVE) detection workflow for connectors by:

  • letting developers verify the fixes for third party vulnerabilities at PR stage
  • failing the pipeline if CRITICAL third-party vulnerabilities are found
  • letting developers get a self-service exception for CRITICAL vulnerabilities using a .trivyignore file

🚨 Action needed 🚨
Please approve and merge this change. Once you merge it, you will get another PR from service-bot to add trivy scanning steps to the pipeline.
Please approve both PRs before November 11, 2024.
If status checks are failing, please debug as necessary. Contact the #appsec Slack channel for help.

@confluent-cla-assistant

🎉 All Contributor License Agreements have been signed. Ready to merge.
Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.

@ap00rv ap00rv marked this pull request as ready for review October 23, 2024 22:49
@ap00rv ap00rv requested a review from a team as a code owner October 23, 2024 22:49
@sangeet259 sangeet259 changed the base branch from master to 10.0.x November 6, 2024 12:04
@sangeet259 sangeet259 changed the base branch from 10.0.x to master November 6, 2024 12:12
@airlock-confluentinc airlock-confluentinc bot force-pushed the replace-twistlock-with-trivy branch from 1613682 to 25a9a03 Compare November 6, 2024 12:44
@sangeet259 sangeet259 changed the base branch from master to 10.6.x November 6, 2024 12:44
@sangeet259 sangeet259 changed the base branch from 10.6.x to master November 6, 2024 12:46
@sangeet259 sangeet259 changed the base branch from master to 10.6.x November 6, 2024 12:47
@sonarqube-confluent

Passed

Analysis Details

0 Issues

  • 0 Bugs
  • 0 Vulnerabilities
  • 0 Code Smells

Coverage and Duplications

  • Coverage: no coverage information (83.40% estimated after merge)
  • Duplications: no duplication information (2.50% estimated after merge)

Project ID: kafka-connect-jdbc


@sangeet259 sangeet259 merged commit 692f81a into 10.6.x Nov 6, 2024
2 checks passed
@sangeet259 sangeet259 deleted the replace-twistlock-with-trivy branch November 6, 2024 14:02