Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trivy Image Scanning #8776

Merged
merged 9 commits into from
Aug 9, 2022
Merged

Trivy Image Scanning #8776

merged 9 commits into from
Aug 9, 2022

Conversation

strongjz
Copy link
Member

@strongjz strongjz commented Jul 3, 2022
edited
Loading

Adding Trivy image scanning to upload results to GitHub security.

/area stabilization
/triage accepted
/priority backlog
/ok-to-test
/assign @rikatz @tao12345666333

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Jul 3, 2022
@k8s-ci-robot k8s-ci-robot added area/stabilization Work for increasing stabilization of the ingress-nginx codebase triage/accepted Indicates an issue or PR is ready to be actively worked on. priority/backlog Higher priority than priority/awaiting-more-evidence. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 3, 2022
@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 3, 2022
@strongjz strongjz assigned strongjz and unassigned tao12345666333 and rikatz Jul 3, 2022
@strongjz
Copy link
Member Author

@longwuyuan made the point to test on image build and not just current image.

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Aug 8, 2022
@strongjz
add scanning to CI
13639b5 
Signed-off-by: James Strong <[email protected]>
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Aug 8, 2022
@strongjz
remove var
069ac3a 
Signed-off-by: James Strong <[email protected]>
@strongjz
need short tags
932320c 
Signed-off-by: James Strong <[email protected]>
@strongjz
it seems sarif upload needs git information
ebb8308 
Signed-off-by: James Strong <[email protected]>
@strongjz
fix permissions
9162fe0 
Signed-off-by: James Strong <[email protected]>
@strongjz
testing output of sarif file
e55a84e 
Signed-off-by: James Strong <[email protected]>
@strongjz
sarif upload issues
1d2fa93 
Signed-off-by: James Strong <[email protected]>
@strongjz strongjz changed the title Ci unit test and code scanning Trivy Code Scanning Aug 9, 2022
@strongjz
Copy link
Member Author

strongjz commented Aug 9, 2022

/kind feature

@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. and removed needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Aug 9, 2022
@strongjz strongjz changed the title Trivy Code Scanning Trivy Image Scanning Aug 9, 2022
@rikatz
Copy link
Contributor

rikatz commented Aug 9, 2022

/lgtm
/approve
/hold
Merge as you wish

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 9, 2022
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 9, 2022
@strongjz
Copy link
Member Author

strongjz commented Aug 9, 2022

/remove-hold
/lgtm

@k8s-ci-robot
Copy link
Contributor

@strongjz: you cannot LGTM your own PR.

In response to this:

/remove-hold
/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 9, 2022
@strongjz strongjz merged commit f44e790 into kubernetes:main Aug 9, 2022
@strongjz strongjz deleted the ci-unit-test branch August 9, 2022 00:52
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rikatz, strongjz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rikatz rikatz Awaiting requested review from rikatz

@tao12345666333 tao12345666333 Awaiting requested review from tao12345666333

Assignees

@strongjz strongjz

@rikatz rikatz

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/stabilization Work for increasing stabilization of the ingress-nginx codebase cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. priority/backlog Higher priority than priority/awaiting-more-evidence. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@strongjz @rikatz @k8s-ci-robot @tao12345666333