Update scanning to triage privately #22833

PushkarJ · 2021-07-08T23:43:48Z

Refactors storing of results from file artifacts
to bash variables
Alert on failure, where failure is defined as
synk command failed or the filtering of vulnerabilities
was unsuccessful
Adds group email address for triage notifications

k8s-ci-robot · 2021-07-08T23:43:49Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

PushkarJ · 2021-07-09T03:50:58Z

/assign @navidshaikh

/sig security testing
/area jobs config testgrid

navidshaikh

/cc @spiffxp

config/jobs/kubernetes/wg-k8s-infra/trusted/wg-k8s-infra-trusted.yaml

- Refactors storing of results from file artifacts to bash variables - Alert on failure, where failure is defined as synk command failed or the filtering of vulnerabilities was unsuccessful - Adds group email address for triage notifications - Improved error handling - Make the log messages consistent in casing

navidshaikh · 2021-07-09T18:50:14Z

/lgtm

PushkarJ · 2021-07-09T19:02:57Z

/assign @michelle192837

k8s-ci-robot · 2021-07-12T17:48:36Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: michelle192837, PushkarJ

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~config/jobs/kubernetes/wg-k8s-infra/trusted/OWNERS~~ [michelle192837]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

k8s-ci-robot · 2021-07-12T18:04:41Z

@PushkarJ: Updated the job-config configmap in namespace default at cluster test-infra-trusted using the following files:

key wg-k8s-infra-trusted.yaml using file config/jobs/kubernetes/wg-k8s-infra/trusted/wg-k8s-infra-trusted.yaml

In response to this:

Refactors storing of results from file artifacts
to bash variables

Alert on failure, where failure is defined as
synk command failed or the filtering of vulnerabilities
was unsuccessful

Adds group email address for triage notifications

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jul 8, 2021

k8s-ci-robot requested review from fejta and thockin July 8, 2021 23:44

k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jul 8, 2021

PushkarJ force-pushed the snyk-triage-priv branch from 436d600 to 2e72baf Compare July 9, 2021 00:10

PushkarJ marked this pull request as ready for review July 9, 2021 03:39

k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 9, 2021

PushkarJ force-pushed the snyk-triage-priv branch 2 times, most recently from 89749d2 to 6f3bdde Compare July 9, 2021 03:50

k8s-ci-robot assigned navidshaikh Jul 9, 2021

k8s-ci-robot added sig/security Categorizes an issue or PR as relevant to SIG Security. sig/testing Categorizes an issue or PR as relevant to SIG Testing. area/jobs area/config Issues or PRs related to code in /config area/testgrid labels Jul 9, 2021

PushkarJ mentioned this pull request Jul 9, 2021

Private Triage Process and Vulnerability Scanning for Build Time Dependencies kubernetes/community#5853

Closed

navidshaikh suggested changes Jul 9, 2021

View reviewed changes

config/jobs/kubernetes/wg-k8s-infra/trusted/wg-k8s-infra-trusted.yaml Show resolved Hide resolved

config/jobs/kubernetes/wg-k8s-infra/trusted/wg-k8s-infra-trusted.yaml Outdated Show resolved Hide resolved

k8s-ci-robot requested a review from spiffxp July 9, 2021 17:43

PushkarJ force-pushed the snyk-triage-priv branch from 40b379d to 12bf7f0 Compare July 9, 2021 18:48

k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 9, 2021

k8s-ci-robot assigned michelle192837 Jul 9, 2021

michelle192837 approved these changes Jul 12, 2021

View reviewed changes

k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 12, 2021

k8s-ci-robot merged commit 7c109d9 into kubernetes:master Jul 12, 2021

k8s-ci-robot added this to the v1.22 milestone Jul 12, 2021

PushkarJ mentioned this pull request Jul 15, 2021

Request new group for sig-security-tooling kubernetes/k8s.io#2342

Merged

PushkarJ mentioned this pull request Aug 3, 2021

Send alerts for security tooling to group under kubernetes.io #23112

Closed

PushkarJ mentioned this pull request Sep 14, 2021

[Umbrella] Artifact Vulnerability Scanning and Triage Policy kubernetes/sig-security#3

Open

17 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update scanning to triage privately #22833

Update scanning to triage privately #22833

PushkarJ commented Jul 8, 2021

k8s-ci-robot commented Jul 8, 2021

PushkarJ commented Jul 9, 2021

navidshaikh left a comment

navidshaikh commented Jul 9, 2021

PushkarJ commented Jul 9, 2021

k8s-ci-robot commented Jul 12, 2021

k8s-ci-robot commented Jul 12, 2021

Update scanning to triage privately #22833

Update scanning to triage privately #22833

Conversation

PushkarJ commented Jul 8, 2021

k8s-ci-robot commented Jul 8, 2021

PushkarJ commented Jul 9, 2021

navidshaikh left a comment

Choose a reason for hiding this comment

navidshaikh commented Jul 9, 2021

PushkarJ commented Jul 9, 2021

k8s-ci-robot commented Jul 12, 2021

k8s-ci-robot commented Jul 12, 2021