lifecycle
Improve CVE automation
Latest lifecycle release v0.16.0 triggered CVE(s) from Grype. For further details, see: https://github.com/buildpacks/lifecycle/actions/runs/4248832164
Is this issue duplicating 1018?
I think so... At the moment our automation just looks for an open issue with the cve label, and if none is found it opens a new issue. We already fixed the issue on main but we didn't cut a new release, hence the duplicate. The automation could probably be improved to actually show the grype output (I think we need to redirect stderr) and maybe include the CVE identifier in the label; that way we can check both open and closed issues to avoid opening a duplicate issue. I'll leave this issue open and change it to a chore.
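The three improvements proposed in the comment above (capture grype's stderr along with stdout, key each issue on a label that carries the vulnerability identifier, and check closed as well as open issues before filing) sketched as shell functions. This is an added example, not the lifecycle project's workflow; the `cve/<ID>` label scheme, the issue title, and the sample grype table are assumptions made for illustration, and the identifiers in the sample are not claims about any lifecycle release.

```shell
#!/bin/sh
# Added example (not buildpacks/lifecycle's own automation): dedupe CVE issues
# by identifier across open AND closed issues, and keep grype's full output.
set -eu

# Constructed sample of grype's table output. The identifiers are illustrative
# only; the sample exists so the parsing below can be exercised offline.
SAMPLE_GRYPE_OUTPUT='NAME               INSTALLED  FIXED-IN  TYPE       VULNERABILITY        SEVERITY
golang.org/x/net   v0.5.0     0.7.0     go-module  CVE-2022-41723       High
golang.org/x/text  v0.3.7     0.3.8     go-module  CVE-2022-32149       High
golang.org/x/text  v0.3.7     0.3.8     go-module  CVE-2022-32149       High
golang.org/x/net   v0.5.0     0.7.0     go-module  GHSA-69cg-p879-7622  High'

# Scan an image and merge stderr into the saved log, so the issue body shows
# grype's warnings and progress lines too. Not invoked here; needs grype.
run_grype() {            # run_grype <image> <log-file>
  grype "$1" 2>&1 | tee "$2"
}

# Unique CVE / GHSA identifiers found in grype output read from stdin.
extract_vuln_ids() {
  grep -oE 'CVE-[0-9]{4}-[0-9]{4,}|GHSA-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}' \
    | sort -u
}

# Every label attached to open *and* closed issues that carry the "cve" label.
# Not invoked here; needs gh with access to the repo.
existing_labels() {      # existing_labels <owner/repo>
  gh issue list --repo "$1" --state all --label cve --limit 500 \
    --json labels --jq '.[].labels[].name' | sort -u
}

# Read identifiers from stdin and print only those with no cve/<ID> label in
# the label file, i.e. identifiers never filed before (open or closed).
ids_without_issue() {    # ids_without_issue <existing-labels-file>
  while IFS= read -r id; do
    [ -z "$id" ] && continue
    grep -qxF "cve/$id" "$1" || printf '%s\n' "$id"
  done
}

# Ensure the per-identifier label exists, then file one issue per new id with
# the captured grype log as the body. Not invoked here; needs gh.
open_issue_for() {       # open_issue_for <owner/repo> <id> <log-file>
  gh label create "cve/$2" --repo "$1" --force --color B60205 \
    --description "Opened by the CVE scan workflow for $2"
  gh issue create --repo "$1" --title "CVE scan: $2 reported by grype" \
    --label "cve,cve/$2" --body-file "$3"
}

# End-to-end driver a workflow step would call. Not invoked here.
scan_and_file() {        # scan_and_file <owner/repo> <image>
  log=$(mktemp); labels=$(mktemp)
  run_grype "$2" "$log" >/dev/null
  existing_labels "$1" > "$labels"
  extract_vuln_ids < "$log" | ids_without_issue "$labels" | while IFS= read -r id; do
    open_issue_for "$1" "$id" "$log"
  done
  rm -f "$log" "$labels"
}
```

Because a closed issue for an identifier also carries `cve/<ID>`, a later release that still ships the same unfixed dependency produces no second ticket; if a regression should reopen it instead, `gh issue list --state closed --label "cve/$id"` gives the number to reopen. The regular expression catches GHSA identifiers as well as CVEs, since grype reports advisories that have no CVE assigned under their GHSA id.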