modsecurity-crs-docker

feat: Add Trivy scanner to the pipeline

Open huberts90 opened this issue 1 year ago • 5 comments

The Trivy action scans a Docker image for vulnerabilities in the CI/CD pipeline. The vulnerability cache is scheduled to be updated on a daily basis.

huberts90 avatar Oct 12 '24 11:10 huberts90

Nice, I think it has a good find. Will fix and then we can rebase.

fzipi avatar Oct 27 '24 00:10 fzipi

@huberts90 Can you take a look at why this is failing now?

fzipi avatar Oct 30 '24 23:10 fzipi

> @huberts90 Can you take a look at why this is failing now?

Thanks, Felipe, for drawing my attention. There was an error with the cache, but now we are hitting the rate limit. Will be thinking about how to overcome it.

huberts90 avatar Nov 13 '24 10:11 huberts90

Hi @huberts90 ! Any appetite for finishing this one?

fzipi avatar Sep 04 '25 13:09 fzipi

I can't see the logs anymore, but, IIRC, the rate limit is tied to downloading the database and can be circumvented by using a different registry / mirror. GHCR would make sense, IMO.

theseion avatar Oct 18 '25 07:10 theseion