feat(checks): Schedule automated releases for trivy-checks bundles
Today trivy-checks bundles are released manually, usually once a month in time for the next trivy release.
We could automate this process by defining the trigger for a bundle release on time. That way, we could schedule a new bundle release every 24h (as an example).
This automatically generated bundle could use the :canary tag. This would ensure that downstream Trivy users don't automatically pick it up but instead can choose to if they manually specify to do so. For the time being we would still generate a tag each month to cut a new tagged release of the bundle which downstream trivy users can use.
Requires https://github.com/aquasecurity/trivy/issues/7029 to be in place as we will need to make sure the automatically released bundles don't cause breakages in any way.
cc @chen-keinan
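A sketch of what the scheduled canary publish described above could look like as a GitHub Actions workflow. This is an added example, not a workflow from the trivy-checks repository; the `make bundle` target, the `bundle.tar.gz` artifact name, the registry path and the OCI media type are assumptions, and the point it demonstrates is the separation between the time-triggered `:canary` push and the manually tagged monthly release.

```yaml
# Example only (not the project's own workflow). Assumed: `make bundle`
# produces bundle.tar.gz, and bundles are pushed to ghcr.io with oras.
name: Publish canary bundle

on:
  schedule:
    - cron: "0 0 * * *"        # once every 24h, as proposed in the issue
  workflow_dispatch:            # allow a manual run for debugging

# Least privilege: the job only needs to read the repo and push a package.
permissions:
  contents: read
  packages: write

concurrency:
  group: canary-bundle          # never let two scheduled runs race
  cancel-in-progress: true

jobs:
  canary:
    runs-on: ubuntu-latest
    # Only the default branch of the upstream repo publishes; forks and PRs do not.
    if: github.repository == 'aquasecurity/trivy-checks' && github.ref == 'refs/heads/main'
    env:
      # Assumed registry path; the tag is fixed to :canary so a scheduled run
      # can never overwrite :latest, which Trivy loads automatically.
      BUNDLE_REF: ghcr.io/${{ github.repository }}:canary
    steps:
      - uses: actions/checkout@v4

      - name: Build bundle (assumed make target)
        run: make bundle

      - name: Sanity-check the artifact before publishing
        run: |
          test -s bundle.tar.gz
          tar -tzf bundle.tar.gz >/dev/null

      - uses: oras-project/setup-oras@v1

      - name: Log in to ghcr.io with the workflow token
        run: echo "${{ secrets.GITHUB_TOKEN }}" | oras login ghcr.io -u "${{ github.actor }}" --password-stdin

      - name: Push the bundle as :canary only
        # Assumed OPA bundle media type; adjust to what the project actually publishes.
        run: oras push "$BUNDLE_REF" bundle.tar.gz:application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip
```

The monthly tagged release stays a separate, manually triggered workflow, so users who pin a version tag or rely on :latest are unaffected by whatever the nightly canary contains.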
Did you mean some other tag for automatically released bundles, not latest? Right now Trivy automatically loads a bundle with the tag latest.
Ah you're right, we should use :canary in that case. Updated.
We already run a bundle test for different versions of trivy before release, but the test is quite sparse. I think we should also run integration tests before release.
Sure doesn't hurt to add that in as well.
Completed https://github.com/aquasecurity/trivy-checks/pull/342