
DAOS-623 ci: Add a workflow for Trivy scan

Open grom72 opened this issue 8 months ago • 8 comments

Trivy scan is required for SLDe process.

Remember to modify the Trivy reference branch: https://github.com/daos-stack/daos/blob/d2e5acf5895c52fbb0bc80db2e10fab1ba04d855/.github/workflows/triviy.yml#L42 to: ref: master

Example execution: https://github.com/daos-stack/daos/actions/runs/9613005998/job/26514814960?pr=14623

There is no need to run any Functional/Unit/NLT tests, as this PR introduces only a new GHA workflow that does not affect the source code in any way.

Before requesting gatekeeper:

  • [ ] Two review approvals and any prior change requests have been resolved.
  • [x] Testing is complete and all tests passed or there is a reason documented in the PR why it should be force landed and forced-landing tag is set.
  • [ ] Features: (or Test-tag*) commit pragma was used or there is a reason documented that there are no appropriate tags for this PR.
  • [x] Commit messages follow the guidelines outlined here.
  • [x] Any tests skipped by the ticket being addressed have been run and passed in the PR.

Gatekeeper:

  • [ ] You are the appropriate gatekeeper to be landing the patch.
  • [ ] The PR has 2 reviews by people familiar with the code, including appropriate owners.
  • [ ] Githooks were used. If not, request that user install them and check copyright dates.
  • [ ] Checkpatch issues are resolved. Pay particular attention to ones that will show up on future PRs.
  • [ ] All builds have passed. Check non-required builds for any new compiler warnings.
  • [ ] Sufficient testing is done. Check feature pragmas and test tags and that tests skipped for the ticket are run and now pass with the changes.
  • [ ] If applicable, the PR has addressed any potential version compatibility issues.
  • [ ] Check the target branch. If it is the master branch, should the PR go to a feature branch? If it is a release branch, does it have merge approval in the JIRA ticket?
  • [ ] Extra checks if forced landing is requested
    • [ ] Review comments are sufficiently resolved, particularly by prior reviewers that requested changes.
    • [ ] No new NLT or valgrind warnings. Check the classic view.
    • [ ] Quick-build or Quick-functional is not used.
  • [ ] Fix the commit message upon landing. Check the standard here. Edit it to create a single commit. If necessary, ask submitter for a new summary.

grom72, Jun 21 '24 11:06
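The note above about changing the Trivy reference branch to `ref: master` is the one point in this PR that is easy to get wrong, so here is an added illustration of what such a workflow looks like. This is not the DAOS `triviy.yml` from the linked commit; it is a standalone example written for this page. It assumes the scan is done with the public `aquasecurity/trivy-action` filesystem scan, that the checkout step is where the `ref:` lives, and that a scheduled run should always scan the `master` branch regardless of which branch the workflow file was copied from (the version pins are assumptions; pin whatever tags your project has vetted).

```yaml
# Example GitHub Actions workflow for a Trivy filesystem scan.
# Added illustration, not the DAOS repository's own workflow.
name: Trivy scan

on:
  pull_request:
  schedule:
    - cron: "0 3 * * 1"   # weekly, Monday 03:00 UTC (assumed schedule)
  workflow_dispatch:

# Least privilege: the job only reads the tree and uploads results.
permissions:
  contents: read
  security-events: write

jobs:
  trivy-fs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out source
        uses: actions/checkout@v4      # pin is an assumption
        with:
          # Point the scan at the branch that should be tracked.
          # A workflow copied from a feature or release branch often
          # still carries the old branch name here; on the reference
          # workflow this must read "master".
          ref: master

      - name: Run Trivy filesystem scan
        uses: aquasecurity/trivy-action@0.24.0   # pin is an assumption
        with:
          scan-type: fs
          scan-ref: .
          format: sarif
          output: trivy-results.sarif
          severity: CRITICAL,HIGH
          ignore-unfixed: true
          # Fail the job when findings remain so the gate is visible.
          exit-code: "1"

      - name: Upload results to code scanning
        if: always()   # upload even when the scan step failed the job
        uses: github/codeql-action/upload-sarif@v3   # pin is an assumption
        with:
          sarif_file: trivy-results.sarif
```

Two points worth checking on any copy of such a workflow: that `ref:` under the checkout step names the branch the scan is meant to track (the reason for the reminder in this PR), and that the `permissions` block grants no more than `contents: read` plus whatever the results upload needs, so a compromised scanner step cannot push or alter the repository.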