Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] action: add trivy ci for image vulnerability scan #390

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[WIP] action: add trivy ci for image vulnerability scan #390

wants to merge 1 commit into from

Conversation

imeoer
Copy link
Collaborator

@imeoer imeoer commented Mar 2, 2023

No description provided.

@imeoer
action: add trivy ci for image vulnerability scan
fc062f0 
Signed-off-by: Yan Song <imeoer@linux.alibaba.com>
@codecov-commenter
Copy link

codecov-commenter commented Mar 2, 2023
edited

Codecov Report

Patch coverage has no change and project coverage change: -0.08 ⚠️

Comparison is base (2fc62a6) 28.08% compared to head (e0dc454) 28.01%.

❗ Current head e0dc454 differs from pull request most recent head fc062f0. Consider uploading reports for the commit fc062f0 to get more accurate results

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #390      +/-   ##
==========================================
- Coverage   28.08%   28.01%   -0.08%     
==========================================
  Files          40       40              
  Lines        4084     4084              
==========================================
- Hits         1147     1144       -3     
- Misses       2798     2801       +3     
  Partials      139      139
Impacted Files Coverage Δ
pkg/blob/blob_manager.go 29.59% <0.00%> (-3.07%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

changweige
changweige reviewed Mar 2, 2023
View reviewed changes
.github/workflows/trivy.yml
@@ -0,0 +1,20 @@
name: CI
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should rename the action name. something like scan vulnerability ?

changweige
changweige reviewed Mar 2, 2023
View reviewed changes
.github/workflows/trivy.yml
sudo dpkg -i trivy_0.38.0_Linux-64bit.deb
- name: Scan Image
run: |
trivy image --timeout 60m ghcr.io/containerd/nydus-snapshotter:latest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is the image hcr.io/containerd/nydus-snapshotter:latest built and uploaded?

changweige
changweige reviewed Mar 2, 2023
View reviewed changes
.github/workflows/trivy.yml
push:
branches: ["*"]
pull_request:
branches: [main]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose we don't have to check it on events push and pull_request, a corn job should be ok

@imeoer imeoer changed the title action: add trivy ci for image vulnerability scan [WIP] action: add trivy ci for image vulnerability scan Mar 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@changweige changweige changweige left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@imeoer @codecov-commenter @changweige