Patrick Ohly
/retest Test failure should be fixed by https://github.com/kubernetes-csi/external-health-monitor/pull/130 (:crossed_fingers: ).
Same concern as in other PRs which add GitHub actions in specific repos: we should have a consistent policy for all Kubernetes-CSI repos.
I agree, such symlinks might work (haven't tried it). But before we dive into implementation details I would like to have a discussion about how we use these additional checks....
> it is more important to check PRs.

Why? Because a PR adds a new dependency which is vulnerable? We don't add much new code, so this seems unlikely. A...
> the SECURITY_CONTACTS

That's for actual, serious vulnerabilities, not for ongoing triaging of scan results.

> (or any other volunteer)

So you volunteer? :stuck_out_tongue_closed_eyes:

> can be in charge of...
> What I've seen is that most of the vulnerability reports come from using a base image that is not distroless

That mirrors my experience, and furthermore it's those vulnerabilities...
I'm all for adding linters. But can we do it in a consistent manner across all kubernetes-csi repos and ideally the same way as in Kubernetes? I'm currently trying to...
/reopen /lifecycle-frozen
/remove-lifecycle rotten
/lifecycle frozen