Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: scan repository with trivy security scanner (yarn.lock, composer.lock) #14

Closed
wants to merge 1 commit into from

Conversation

nodiscc
Copy link
Owner

@nodiscc nodiscc commented May 21, 2023

Moved to shaarli#1998

@nodiscc nodiscc self-assigned this May 21, 2023
@nodiscc nodiscc force-pushed the trivy-repo-scan branch 2 times, most recently from 00b5855 to 9d82d53 Compare June 12, 2023 20:24
…poser.lock)

- run scan on each push/pull request update
- can be run locally using make test_trivy_repo
- exit with error code 0/success when vulnerabilities are found,  as not to make the workflow fail, a separate periodic run that exits with code 1 should be added in parallel
- update trivy to v0.43.0
- https://github.com/aquasecurity/trivy/releases/tag/v0.43.0
- also consider TRIVY_EXIT_CODE when running trivy on the latest docker image
- ref. shaarli#1531
@nodiscc nodiscc closed this Jun 30, 2023
@nodiscc nodiscc deleted the trivy-repo-scan branch July 6, 2023 16:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant