
@jormundur00 jormundur00 commented Nov 14, 2025

What does this PR do?

In this PR, we make the vulnerability scanner less strict by accepting newer versions of docker images if they have fewer or equally many vulnerabilities compared to the current version (currently we only accept them if they have strictly fewer vulnerabilities).

Also in this PR, we fix org.graalvm.internal.tck.GrypeTask#getAllowedImagesFromMaster not working in the GitHub Actions CI. Previously, whenever this method was reached in the CI, the task would fail with: fatal: invalid object name 'master'. This happens because the master branch does not exist in the CI, while origin/master does. The change in this PR just makes it so we check origin/master when we fetch allowed images.

Fixes: #770
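The two decisions described in the PR, written out as an added example (this is not the project's GrypeTask code and not Java): a comparison of two vulnerability reports that accepts a candidate image when its finding count is less than or equal to the current image's, alongside the previous strict rule, plus a ref-resolution helper that prefers a local `master` and falls back to `origin/master` when only the remote-tracking ref exists, as in the CI. The report shape (a top-level `matches` list with `vulnerability.id` and `severity`) mirrors grype's JSON output but the reports and ref listings here are constructed; function names are this example's own.

```python
"""Added example (not project code): image-acceptance and branch-resolution
rules from the PR description, as pure functions over constructed inputs."""
import json
from typing import Iterable, Optional

# Constructed grype-style JSON reports; only the fields read below are present.
CURRENT_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-EXAMPLE-0001", "severity": "High"}},
    {"vulnerability": {"id": "CVE-EXAMPLE-0002", "severity": "Medium"}},
]})
CANDIDATE_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-EXAMPLE-0001", "severity": "High"}},
    {"vulnerability": {"id": "CVE-EXAMPLE-0003", "severity": "Medium"}},
]})


def count_vulnerabilities(report_json: str) -> int:
    """Number of findings in a grype-style report (each match is one finding)."""
    return len(json.loads(report_json).get("matches", []))


def accept_candidate(current_json: str, candidate_json: str, strict: bool = False) -> bool:
    """Decide whether a newer image may replace the current one.

    strict=True is the old rule (strictly fewer findings); strict=False is the
    relaxed rule from the PR (fewer or the same number of findings).
    """
    current = count_vulnerabilities(current_json)
    candidate = count_vulnerabilities(candidate_json)
    return candidate < current if strict else candidate <= current


def new_findings(current_json: str, candidate_json: str) -> set:
    """IDs present in the candidate but not in the current image.

    An equal count can still hide a changed set of findings, so a reviewer may
    want to see what is new even when the count-based rule accepts the image.
    """
    def ids(report_json: str) -> set:
        return {m["vulnerability"]["id"] for m in json.loads(report_json).get("matches", [])}
    return ids(candidate_json) - ids(current_json)


def resolve_branch(existing_refs: Iterable[str], name: str = "master") -> Optional[str]:
    """Pick the ref to read from, given full ref names as printed by
    `git for-each-ref --format='%(refname)'`.

    A CI checkout often has refs/remotes/origin/<name> but no local branch, which
    is exactly the 'invalid object name' failure the PR fixes. Returns the short
    name to pass to git, or None if neither ref exists.
    """
    refs = set(existing_refs)
    if f"refs/heads/{name}" in refs:
        return name
    if f"refs/remotes/origin/{name}" in refs:
        return f"origin/{name}"
    return None


if __name__ == "__main__":
    print("old rule accepts:", accept_candidate(CURRENT_REPORT, CANDIDATE_REPORT, strict=True))
    print("new rule accepts:", accept_candidate(CURRENT_REPORT, CANDIDATE_REPORT))
    print("new findings:", new_findings(CURRENT_REPORT, CANDIDATE_REPORT))
    ci_refs = ["refs/heads/pr-branch", "refs/remotes/origin/master"]  # constructed CI checkout
    print("ref to use in CI:", resolve_branch(ci_refs))
```

Run as a script it shows the constructed candidate being rejected under the strict rule and accepted under the relaxed one, and `origin/master` being chosen for the constructed CI checkout; `new_findings` is the check a defender would add beside the count comparison, since equal counts do not mean equal findings.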

@jormundur00 jormundur00 self-assigned this Nov 14, 2025
@jormundur00 jormundur00 added bug Something isn't working docker Pull requests that update docker code labels Nov 14, 2025
@jormundur00 jormundur00 requested a review from matneu as a code owner November 14, 2025 08:09
@jormundur00 jormundur00 force-pushed the jormundur00/vulnerability-scanner-fix branch from 7635d65 to 3e95f70 Compare November 14, 2025 08:12
@jormundur00 jormundur00 requested a review from vjovanov November 14, 2025 08:22
@jormundur00 jormundur00 merged commit 5b57c28 into master Nov 14, 2025
512 of 515 checks passed

Successfully merging this pull request may close these issues.

Bug: Vulnerability scanner fails when the updated docker image has the same number of vulnerabilities as the old version
