Adding container image vulnerability scanning (Grype) GitHub Action #2113
Thanks for submitting this pull request 🎉. The team will review it soon and get back to you. If you haven't already, please take a moment to review our project contributing guideline and Code of Conduct document.
a5870f0 to 3e402fa
Link to latest GitHub action run: https://github.com/kanisterio/kanister/actions/runs/5492665300
LGTM 💯
…2113) Grype vulnerability scanning github action fix tests
…2113) Grype vulnerability scanning github action
Change Overview
This PR creates a new GitHub action workflow to run the grype vulnerability scanning tool on all of Kanister's advertised container images. This GitHub action workflow has not been integrated into any of Kanister's CI/CD workflows yet, and needs to be manually triggered.
Summary of changes:
New GitHub Action Workflow yaml with path: .github/workflows/grype-vulnerability-scanner.yaml that reads from the single source of truth of all valid images in build/valid_images.json.
Pull request type
Please check the type of change your PR introduces:
Issues
Test Plan
The GitHub action will be manually triggered using workflow_dispatch - but for validation on a non-master branch, a GitHub CLI based trigger test has been added: https://github.com/kanisterio/kanister/actions/runs/5492665300
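A sketch of the kind of workflow the description above outlines, added here as an illustration and not the file from this PR: a manually triggered job reads the image list and a matrix job scans each image with Grype through `anchore/scan-action`. The JSON layout of `build/valid_images.json`, the registry host, the tag, and the job and step names are assumptions.

```yaml
# Added example; not the workflow file from this PR.
name: grype-image-scan-example
on:
  workflow_dispatch: {}      # manual trigger only, as the PR describes
permissions:
  contents: read             # the scan only needs to read the repository
jobs:
  list-images:
    runs-on: ubuntu-latest
    outputs:
      images: ${{ steps.read.outputs.images }}
    steps:
      - uses: actions/checkout@v4
      - id: read
        # Assumed file layout: {"images": ["name-a", "name-b"]}
        run: echo "images=$(jq -c '.images' build/valid_images.json)" >> "$GITHUB_OUTPUT"
  scan:
    needs: list-images
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false       # one failing image must not cancel the other scans
      matrix:
        image: ${{ fromJSON(needs.list-images.outputs.images) }}
    steps:
      # A tag is used here for readability; pinning a third-party action
      # to a full commit SHA is the stricter choice.
      - uses: anchore/scan-action@v3
        with:
          # Placeholder registry and tag, not the project's real image path
          image: registry.example.com/${{ matrix.image }}:latest
          severity-cutoff: high   # ignore findings below High
          fail-build: true        # mark the job failed at or above the cutoff
          output-format: table    # print findings in the job log
```

With `fail-build: false` the same workflow becomes report-only, which suits a scan that is not yet wired into CI gating.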