Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added ability to run security scans of our images #1154

Merged
merged 2 commits into from
Sep 14, 2021
Merged

Added ability to run security scans of our images #1154

merged 2 commits into from
Sep 14, 2021

Conversation

longrunningprocess
Copy link
Contributor

@longrunningprocess longrunningprocess commented Sep 13, 2021
edited
Loading

Description

We needed to run docker scan against our images to understand current vulnerabilities. These commits will both added some convenience scripts for future use as well as begin to triage the results and plans for mitigation.

Fixes #1117

Type of Change

Check all that apply:

  • Bug fix (non-breaking change which fixes an issue)

Screenshots

N/A

How Has This Been Tested?

  • Tested the convenience scripts multiple times on my own machine while developing them

Checklist:

  • I have rebased off develop after Emulate x86 so local dev is possible on arm64 machines #1142 gets merged into develop
  • I have performed a self-review of my own code
  • I have reviewed the title/description of this PR which will be used as the squashed PR commit message
  • I have commented my code, particularly in hard-to-understand areas

@longrunningprocess longrunningprocess self-assigned this Sep 13, 2021
@megahirt
Copy link
Collaborator

FYI I tried to run this locally and got the message could not find Snyk binary which means that I don't have Snyk installed. I'm OK with that and can let @longrunningprocess do the scan since he already has it installed.

image

megahirt
megahirt approved these changes Sep 14, 2021
View reviewed changes
Copy link
Collaborator

@megahirt megahirt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved!

@longrunningprocess
Copy link
Contributor Author

longrunningprocess commented Sep 14, 2021
edited
Loading

FYI I tried to run this locally and got the message could not find Snyk binary which means that I don't have Snyk installed. I'm OK with that and can let @longrunningprocess do the scan since he already has it installed.

I didn't actually install it individually, it must already be part of Docker Desktop for Mac. I suppose you could install it manually if you wanted to run it as well.

@longrunningprocess
Copy link
Contributor Author

tracked report in #1155

@longrunningprocess
added convenience script for future use
e989b46
@longrunningprocess
scan's return code can be ignored
00fca61 
in the hopes of not misleading someone running the make scan and seeing error messages, we'll inform make to ignore that result from scan...it returns a `1` if it finds any vulnerabilities and we're already redirecting all that into a "report".
@longrunningprocess longrunningprocess merged commit fd50361 into develop Sep 14, 2021
@longrunningprocess longrunningprocess deleted the issue/1117-security-scan branch September 14, 2021 13:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@megahirt megahirt megahirt approved these changes

Assignees

@longrunningprocess longrunningprocess

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

run docker scan and triage results into future issues
2 participants
@longrunningprocess @megahirt