Sertaç Özercan
Sertaç Özercan
@salaxander can we add a simple nightly or weekly github action to execute the scripts so we'll know if it's broken
Closing due to inactivity. Please feel free to re-open if there's ongoing work. Thanks!
For the tests, we always pin to a digest and tag is used for human readability. Re: distroless, this is not an issue for copa, copa supports patching distroless images....
@javier-lopez can you elaborate more about your use case? are you looking to add new labels? copa should not alter existing labels afaik
@salaxander what's the context of this issue? do you know who reported this? what's the scenario for licenses to change?
@R3DRUN3 not at this time, out of box sbom generation (docker implementation) would require #298 you can generate container sboms with 3rd party tooling such as `trivy sbom` or `syft`...
@toddysm make sure to have fresh scan results. these are usually due to stale reports (basically trivy and package repo disagreement), you'll need to make sure to scan before patch...
synced with @toddysm offline, his issue was due to github outage and cannot repro now. this might be due to trivy's db being hosted in ghcr. we should document this...
@jpinz please make sure to sign your commits (see DCO failure) https://project-copacetic.github.io/copacetic/website/contributing#developer-certificate-of-origin-dco
Closing due to inactivity. Please feel free to re-open if there's ongoing work. Thanks!