
Fix failing container scanning workflow: restrict the severities to upload #629

Merged: 1 commit from ci/container-scan/fix-upload-sarif into master, Aug 18, 2020

Conversation

rinx (Contributor) commented Aug 18, 2020

Signed-off-by: Rintaro Okamura rintaro.okamura@gmail.com

Description:

Because Trivy doesn't escape "\X" in the description of CVE-2019-20454, the output SARIF file could not be parsed correctly.
CVE-2019-20454 is MEDIUM severity, so this PR just modifies the severity level of the uploaded SARIF file.
We can still find the lower-severity vulnerabilities from the Actions tab.

Related Issue:

How Has This Been Tested?:

Environment:

  • Go Version: 1.14.4
  • Docker Version: 19.03.8
  • Kubernetes Version: 1.18.2
  • NGT Version: 1.12.0

Types of changes:

  • Bug fix [type/bug]
  • New feature [type/feature]
  • Add tests [type/test]
  • Security related changes [type/security]
  • Add documents [type/documentation]
  • Refactoring [type/refactoring]
  • Update dependencies [type/dependency]
  • Update benchmarks and performances [type/bench]
  • Update CI [type/ci]

Changes to Core Features:

  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your core changes, as applicable?
  • Have you successfully run tests with your changes locally?

Checklist:

  • I have read the CONTRIBUTING document.
  • I have checked open Pull Requests for similar features or fixes.
  • I have added tests and benchmarks to cover my changes.
  • I have ensured all new and existing tests passed.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have updated the documentation accordingly.
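A pre-upload check for the failure mode described in this PR, written here as an added example (not code from this PR or its repository): it parses the SARIF file, reports where the first invalid escape sits, and can double any backslash that does not start a valid JSON escape so the file still uploads. The sample SARIF document and the CVE-EXAMPLE-0001 identifier are constructed; the PR itself took the other route of limiting the upload to HIGH and CRITICAL findings.

```python
import json
import re

# Constructed sample (not real Trivy output): a minimal SARIF 2.1.0 document whose
# rule description contains an unescaped "\X", the kind of sequence the PR reports.
SAMPLE_SARIF = (
    '{"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "scanner", "rules": ['
    '{"id": "CVE-EXAMPLE-0001", "fullDescription": {"text": "matches \\X in input"}}]}}, '
    '"results": [{"ruleId": "CVE-EXAMPLE-0001", "level": "warning", '
    '"message": {"text": "constructed finding"}}]}]}'
)

# A backslash followed by one of the JSON escape characters (or \uXXXX) is valid;
# group 1 is unset when the backslash starts no recognised escape.
_ESCAPE = re.compile(r'\\(["\\/bfnrt]|u[0-9a-fA-F]{4})?')


def locate_parse_error(text):
    """Return (line, column, snippet) for the first JSON error, or None if text parses."""
    try:
        json.loads(text)
    except json.JSONDecodeError as err:
        lo, hi = max(0, err.pos - 15), err.pos + 15
        return err.lineno, err.colno, text[lo:hi]
    return None


def repair_escapes(text):
    """Double every backslash that does not begin a valid JSON escape; valid escapes are kept."""
    return _ESCAPE.sub(lambda m: m.group(0) if m.group(1) else "\\\\", text)


def load_sarif(text):
    """Parse SARIF text; if it fails, repair bad escapes and retry. Returns (doc, repaired)."""
    if locate_parse_error(text) is None:
        return json.loads(text), False
    repaired = repair_escapes(text)
    return json.loads(repaired), True  # still raises if something else is malformed


if __name__ == "__main__":
    where = locate_parse_error(SAMPLE_SARIF)
    print("parse error at line %d col %d near %r" % where)
    doc, fixed = load_sarif(SAMPLE_SARIF)
    rule = doc["runs"][0]["tool"]["driver"]["rules"][0]
    print("repaired:", fixed, "description:", rule["fullDescription"]["text"])
```

Running the check as a workflow step before the upload turns a silent upload failure into a clear message naming the offending text.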

pull-assistant bot commented Aug 18, 2020

Score: 1.00

Best reviewed: commit by commit

Optimal code review plan

     🔧 upload sarif only for HIGH or CRITICAL

Powered by Pull Assistant. Last update e948e3f ... e948e3f.

vdaas-ci (Collaborator) commented:

[CHATOPS:HELP] ChatOps commands.

  • 🙆‍♀️ /approve - approve
  • 💌 /changelog - add changelog comment
  • 🍱 /format - format codes and add licenses
  • /gen-test - generate test codes
  • 🏷️ /label - add labels
  • /rebase - rebase master

@rinx rinx force-pushed the ci/container-scan/fix-upload-sarif branch 4 times, most recently from e8e37bd to c541165, August 18, 2020 02:48
@rinx rinx changed the title from "Fix failing container scanning workflow" to "Fix failing container scanning workflow: restrict the severities to upload", Aug 18, 2020
@rinx rinx force-pushed the ci/container-scan/fix-upload-sarif branch from c541165 to 02d1255, August 18, 2020 02:57
@rinx rinx force-pushed the ci/container-scan/fix-upload-sarif branch from 02d1255 to e948e3f, August 18, 2020 03:00
@rinx rinx marked this pull request as ready for review, August 18, 2020 03:10
@rinx rinx merged commit 95fb5c5 into master, Aug 18, 2020
@rinx rinx deleted the ci/container-scan/fix-upload-sarif branch, August 18, 2020 03:11
@vdaas-ci vdaas-ci mentioned this pull request, Sep 2, 2020