Improve CVE scanning on PRs in this repo #6643

caroline-suse-rancher · 2024-08-27T20:03:25Z

In an effort to improve our rate of dependency bumps and CVE fixes, we would like more visibility into our scan results on each PR to the RKE2 project. This will likely involve a new GHA or something to that effect to expose the results of our CVE scans (right now we use Trivy) for each PR. That way we can evaluate what needs to be done on a release to release basis to mitigate CVEs.

caroline-suse-rancher added priority/high area/security labels Aug 27, 2024

caroline-suse-rancher assigned dereknola Aug 27, 2024

This was referenced Sep 17, 2024

[Release-1.28] Add trivy scanning to PR reports #6835

Merged

[Release-1.29] Add trivy scanning to PR reports #6836

Merged

[Release-1.30] Add trivy scanning to PR reports #6837

Merged

[Release-1.31] Add trivy scanning to PR reports #6838

Merged

dereknola mentioned this issue Oct 11, 2024

Pass Rancher's VEX report to Trivy to remove known false-positives CVEs #6888

Merged

dereknola mentioned this issue Oct 28, 2024

Publish release trivy scans as an artifact #7148

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improve CVE scanning on PRs in this repo #6643

Improve CVE scanning on PRs in this repo #6643

caroline-suse-rancher commented Aug 27, 2024

Improve CVE scanning on PRs in this repo #6643

Improve CVE scanning on PRs in this repo #6643

Comments

caroline-suse-rancher commented Aug 27, 2024