Enable Snyk scanning for built containers
Snyk can scan containers. If we enabled it, we could produce more secure containers. Let's enable it.
done!
@git-hyagi what's the right place to see those reports? I suspect we need to have additional project team members added to the HMS org where the scans are done. What would you recommend?
I don't know if there is a better way to see the reports, but while I was working on this issue I was checking them through snyk web UI HMS -> Projects:
For the project team members, I think we could at least add Gerrod and Matthias, since they are currently the "core maintainers" of the repo. However, I have no problem with adding everyone from the team as well.
Today at the pulpcore meeting we determined we're going to create an "upstream Snyk Org" and use that for the pulp-oci-images scanning. Keep this open, and that's the next step.