feat: add audit of installed Mariner packages to track unexpected dependency additions
What type of PR is this? /kind feat
What this PR does / why we need it: This PR adds a check for Mariner builds after installing our dependencies to check that we are only installing packages we know need to be part of the container host image. If an unexpected package is found installed on the Mariner image, the likely cause is a new dependency for one of the packages used by the container host. If the package is suitable to be added, then it can be appended to the package allow list. If, however, the package seems to be dubious, this gives us a signal to investigate further.
Requirements:
- [ ] uses conventional commit messages
- [ ] includes documentation
- [ ] adds unit tests
- [ ] tested upgrade from previous version
Special notes for your reviewer:
Release note:
none
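One way to implement the allow-list check described in this PR, as an added example that is not the PR's own code: the function names, file arguments and sample package names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: fail a build when an installed package is not on the allow list.
# In a real Mariner build the installed list would come from, e.g.:
#   rpm -qa --queryformat '%{NAME}\n' > installed.txt

# Strip '#' comments and whitespace, drop blank lines, sort uniquely for comm(1).
normalize() {
    sed -e 's/#.*$//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" | LC_ALL=C sort -u
}

# unexpected_packages ALLOWLIST INSTALLED
# Prints names present in INSTALLED but absent from ALLOWLIST, one per line.
# Returns 2 if either file is unreadable or INSTALLED is empty, so a failed
# package query cannot pass as "nothing unexpected".
unexpected_packages() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    work=$(mktemp -d) || return 2
    normalize "$1" > "$work/allow"
    normalize "$2" > "$work/installed"
    if [ ! -s "$work/installed" ]; then rm -rf "$work"; return 2; fi
    LC_ALL=C comm -13 "$work/allow" "$work/installed"
    rm -rf "$work"
}

# audit_packages ALLOWLIST INSTALLED
# Returns 0 when clean, 1 when unexpected packages exist, 2 on input error.
audit_packages() {
    extra=$(unexpected_packages "$1" "$2") || return 2
    if [ -n "$extra" ]; then
        printf 'unexpected packages installed:\n%s\n' "$extra" >&2
        return 1
    fi
}

# Constructed sample data: one package is missing from the allow list.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '# constructed allow list' bash glibc openssl > "$dir/allow"
    printf '%s\n' openssl bash example-unexpected-pkg glibc > "$dir/installed"
    unexpected_packages "$dir/allow" "$dir/installed"; rc=$?
    rm -rf "$dir"
    return "$rc"
}

if [ "$#" -eq 2 ]; then audit_packages "$1" "$2"; fi
```

Treating an empty or unreadable installed list as an error keeps the check fail-closed: a broken package query stops the build instead of reporting a clean image.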
Pull Request Test Coverage Report for Build 5060296799
- 0 of 0 changed or added relevant lines in 0 files are covered.
- No unchanged relevant lines lost coverage.
- Overall coverage remained the same at 62.022%
| Totals | |
|---|---|
| Change from base Build 5028369244: | 0% |
| Covered Lines: | 2546 |
| Relevant Lines: | 4105 |
💛 - Coveralls
feel free to reopen if still needed