Look into security scans for container images #115
Comments
@donsizemore what would you think about running an Anchore Engine as a dockerized service on https://jenkins.dataverse.org? I'm not sure it would fit in a free tier AWS job on IQSS bill, but as it should be updated frequently with latest databases, it should run 24/7... @4tikhonov this might be relevant for you guys at SSHOC/CESSDA, too, as Anchore allows for policies. I took a look at this as we want to go into pilot testing with public exposure and I need to make sure we are safe from the start...
I removed this from the milestone 4.19 as other things receive more priority for now.
Trivy should be capable of 1. having a configurable list of CVEs to ignore, 2. allowing to filter unfixed vulns and 3. having a more decent SARIF template for better integration into the Github Security Tab reports gdcc/dataverse-kubernetes#115
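The three capabilities asked for above (an ignore list, dropping unfixed findings, and SARIF output for the GitHub Security tab) are shown here as an added Python example that is not part of the issue or of Trivy itself; it post-processes a constructed report in Trivy's JSON layout with placeholder CVE ids and emits a minimal SARIF 2.1.0 log.

```python
import json

# Constructed sample in Trivy's JSON report layout (not output of a real scan).
SAMPLE_REPORT = {"Results": [{
    "Target": "example/app:1.0 (debian 11.6)",
    "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libfoo", "InstalledVersion": "1.0-1",
         "FixedVersion": "1.0-2", "Severity": "HIGH", "Title": "constructed: fixable finding"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libbar", "InstalledVersion": "2.3",
         "FixedVersion": "", "Severity": "CRITICAL", "Title": "constructed: no fix available"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libbaz", "InstalledVersion": "0.9",
         "FixedVersion": "1.0", "Severity": "MEDIUM", "Title": "constructed: accepted risk"},
    ]}]}
# .trivyignore style list: one CVE id per line, '#' starts a comment.
SAMPLE_IGNORE = "# accepted risk, tracked elsewhere\nCVE-0000-0003\n"
# SARIF result levels the GitHub Security tab understands, keyed by Trivy severity.
LEVEL = {"CRITICAL": "error", "HIGH": "error", "MEDIUM": "warning", "LOW": "note"}

def parse_ignore(text):
    """Return the set of CVE ids from a .trivyignore-style text."""
    return {ln.strip() for ln in text.splitlines() if ln.strip() and not ln.startswith("#")}

def filter_findings(report, ignored, ignore_unfixed):
    """Keep findings not on the ignore list; optionally drop those with no FixedVersion."""
    kept = []
    for res in report.get("Results", []):
        for v in res.get("Vulnerabilities") or []:  # key may be absent or null in Trivy output
            if v["VulnerabilityID"] in ignored:
                continue
            if ignore_unfixed and not v.get("FixedVersion"):
                continue
            kept.append(dict(v, Target=res["Target"]))
    return kept

def to_sarif(findings):
    """Build a minimal SARIF 2.1.0 log: one rule per CVE, one result per affected package."""
    rules, results = {}, []
    for f in findings:
        rid = f["VulnerabilityID"]
        rules.setdefault(rid, {"id": rid, "shortDescription": {"text": f.get("Title", rid)}})
        fix = f"fixed in {f['FixedVersion']}" if f.get("FixedVersion") else "no fix available"
        results.append({"ruleId": rid, "level": LEVEL.get(f.get("Severity"), "note"),
                        "message": {"text": f"{f['PkgName']} {f['InstalledVersion']}: {fix}"},
                        "locations": [{"physicalLocation": {"artifactLocation": {"uri": f["Target"]}}}]})
    return {"$schema": "https://json.schemastore.org/sarif-2.1.0.json", "version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": "trivy", "rules": list(rules.values())}},
                      "results": results}]}

if __name__ == "__main__":
    kept = filter_findings(SAMPLE_REPORT, parse_ignore(SAMPLE_IGNORE), ignore_unfixed=True)
    print(json.dumps(to_sarif(kept), indent=2))
```

Running it keeps only CVE-0000-0001: CVE-0000-0003 is on the ignore list and CVE-0000-0002 has no fix, so the resulting SARIF carries a single error-level result.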
Done in both https://github.com/gdcc/dataverse/tree/develop+ct and https://github.com/gdcc/dataverse/tree/master+ct via Github Action using Trivy. Scans are not publicly viewable and cannot be configured to be public.
Free plan for OSS at https://snyk.io
And nice labels via shield.io
Snyk only offers up to 100 scans for OSS.
After some reading, we should go with Clair or Anchore Engine.
See also https://kubedex.com/follow-up-container-scanning-comparison