Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure security scans #3

Merged
merged 1 commit into from
Apr 5, 2023
Merged

Configure security scans #3

merged 1 commit into from
Apr 5, 2023

Conversation

VOID404
Copy link
Contributor

@VOID404 VOID404 commented Apr 3, 2023
edited
Loading

Description

Changes proposed in this pull request:

  • configure trivy security scans

Related issue(s)
kyma-project/test-infra#7401

@VOID404 VOID404 requested a review from a team as a code owner April 3, 2023 11:30
@kyma-bot kyma-bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Apr 3, 2023
@VOID404 VOID404 mentioned this pull request Apr 3, 2023
Merged
@kyma-bot kyma-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Apr 3, 2023
@VOID404
Copy link
Contributor Author

VOID404 commented Apr 3, 2023

Sample logs

@VOID404 VOID404 changed the title [WIP] Configure security scans Configure security scans Apr 3, 2023
@kyma-bot kyma-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 3, 2023
@VOID404
Copy link
Contributor Author

VOID404 commented Apr 3, 2023

This is basically default trivy config, with added --no-progress and --exit-code 1

@kyma-project kyma-project deleted a comment from kyma-bot Apr 3, 2023
Disper
Disper reviewed Apr 3, 2023
View reviewed changes
.trivy.yaml Outdated
cache:
backend: fs
clear: false
dir: /Users/I354967/Library/Caches/trivy
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure whether it's a valid directory as it points to your local dir.

.trivy.yaml Outdated
terraform:
vars: []
module:
dir: /Users/I354967/.trivy/modules
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure whether it's a valid directory as it points to your local dir.

@VOID404 VOID404 requested a review from Disper April 4, 2023 05:46
@kyma-bot kyma-bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Apr 4, 2023
mvshao
mvshao reviewed Apr 5, 2023
View reviewed changes
.trivy.yaml Outdated
no-progress: true
exit-code: 1
format: table
ignorefile: .trivyignore
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is a .trivyignore file necessary if we are not going to ignore selected CVEs?

@kyma-bot kyma-bot added the lgtm Looks good to me! label Apr 5, 2023
@VOID404 VOID404 removed the request for review from Disper April 5, 2023 10:56
@kyma-bot kyma-bot merged commit 5cf249a into kyma-project:main Apr 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Disper Disper Disper left review comments

@mvshao mvshao mvshao approved these changes

Assignees

@mvshao mvshao

Labels
lgtm Looks good to me! size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@VOID404 @Disper @mvshao @kyma-bot