Security scanning for container images

[adrianchiris]

What would you like to be added?

Add action to check for security vulnerabilities in our containers. This can be a check that runs periodically or on every PR.

What we can use:

• quay/clair - provides container that can be run as part of a workflow
• Anchore/grype scanner which also provides a GA for it

Once we have this up and running, we can do the same in other projects in the group.

What is the use case for this feature / enhancement?

find and fix security vulnerabilities of project containers

[adrianchiris]

trivy is also an option : https://github.com/aquasecurity/trivy