
Setup trivy scanning

Open eswdd opened this issue 3 years ago • 4 comments

eswdd avatar Mar 25 '22 12:03 eswdd

Should we maybe instead run Trivy daily on the existing latest image + on pull requests and push to master? This will let us scan what is currently released + avoid pushing vulnerable images

jgiannuzzi avatar Mar 25 '22 12:03 jgiannuzzi

> Should we maybe instead run Trivy daily on the existing latest image + on pull requests and push to master? This will let us scan what is currently released + avoid pushing vulnerable images

Yes, I think so. TBH I hadn't noticed that the content of this was nonsensical.

eswdd avatar Mar 25 '22 14:03 eswdd

@jgiannuzzi I think we should just move the 2 scan items to the docker build action we already have. I don't see the value in doing docker build twice. That also means we don't need to maintain the image name in 2 places, which resolves what @greed42 flagged.

eswdd avatar Mar 25 '22 14:03 eswdd

@eswdd agreed — and as a future improvement, we should also build the Docker image (but not push, of course) on pull requests

jgiannuzzi avatar Mar 25 '22 17:03 jgiannuzzi
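The workflow shape the thread converges on (build the image once, scan it before anything is pushed, and rescan the published `:latest` image daily), as an added example that is not the project's own workflow. The image name, registry secrets and cron time are placeholders, and the image name is defined once at workflow level so it does not have to be maintained in two places.

```yaml
name: docker
on:
  pull_request:
  push:
    branches: [master]
  schedule:
    - cron: '17 4 * * *'   # daily rescan of the already-published :latest image
env:
  IMAGE: example/thanos-remote-read   # placeholder; the name lives in one place only
jobs:
  build-scan-push:
    if: github.event_name != 'schedule'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Build once into the local Docker daemon; nothing is pushed yet.
      - uses: docker/build-push-action@v5
        with:
          context: .
          load: true
          push: false
          tags: ${{ env.IMAGE }}:latest
      # Scan the image just built. HIGH/CRITICAL findings fail the job,
      # so PRs get the same gate and a vulnerable image is never pushed.
      - uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ env.IMAGE }}:latest
          exit-code: '1'
          ignore-unfixed: true
          severity: HIGH,CRITICAL
      # Only a push to master reaches these steps, and only after the scan passed.
      - if: github.event_name == 'push'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}   # placeholder secret names
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - if: github.event_name == 'push'
        run: docker push "$IMAGE:latest"
  scan-released:
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest
    steps:
      # Pull and scan whatever is currently released as :latest.
      - uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ env.IMAGE }}:latest
          exit-code: '1'
          severity: HIGH,CRITICAL
```

A failing scheduled scan surfaces as a red workflow run on master, which is the signal that an already-released image needs a rebuild with updated base layers.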