
Run trivy scan of repo branch on PR and push to dev / master #1377

Merged
merged 10 commits into from
Feb 22, 2023

Conversation

i-oden

@i-oden i-oden commented Jan 31, 2023

1. This PR contains the following changes...

Add workflow file to scan local repo branch instead of the remote image on GHCR.

2. The following additional changes are required for this to work

X

3. The PR fixes the following GitHub issue / Jira task

  • GitHub issue (link):
  • Jira task (ID, DDS-xxxx):
  • The PR does not fix a specific GitHub issue or Jira task

4. What type of change(s) does the PR contain?

  • New feature
    • Breaking: Please describe the reason for the break and how we can fix it.
    • Non-breaking
  • Database change
    • Migration included in PR
    • Migration not needed
  • Bug fix
    • Breaking: Please describe the reason for the break and how we can fix it.
    • Non-breaking
  • Security Alert fix
  • Documentation
  • Tests (only)
  • Workflow

5. Checklist

Always

  • Changelog
    • Added
    • Not needed (E.g. PR contains only tests)
  • Rebase / Update / Merge from base branch (the branch from which the current is forked)
    • Done
    • Not needed
  • Blocking PRs
    • Merged
    • No blocking PRs
  • PR to master branch

If PR consists of code change(s)

  • Self review
    • Done
  • Comments, docstrings, etc
    • Added / Updated
  • Documentation
    • Updated
    • Update not needed

6. Actions / Scans

  • Black: Python code formatter. Does not execute. Only tests.
    Run black . locally to execute formatting.
    • Passed
  • Prettier: General code formatter. Our use case: MD and yaml mainly.
    Run npx prettier --write . locally to execute formatting.
    • Passed
  • Tests: Pytest to verify that functionality works as expected.
    • New tests added
    • No new tests
    • Passed
  • CodeQL: Scan for security vulnerabilities, bugs, errors
    • New alerts: Go through them and either fix, dismiss or ignore. Add reasoning in items below.
    • Alerts fixed: What?
    • Alerts ignored / dismissed: Why?
    • Passed
  • Trivy: Security scanner
    • New alerts: Go through them and either fix, dismiss or ignore. Add reasoning in items below.
    • Alerts fixed: What?
    • Alerts ignored / dismissed: This PR is adding the scan, other ongoing PRs are fixing the CVEs.
    • Passed
  • Snyk: Security scanner
    • New alerts: Go through them and either fix, dismiss or ignore. Add reasoning in items below.
    • Alerts fixed: What?
    • Alerts ignored / dismissed: Why?
    • Passed
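As an added illustration of the change the description refers to, below is a GitHub Actions workflow that runs Trivy in filesystem mode against the checked-out branch rather than against the image published on GHCR, triggered on pull requests and on pushes to dev and master as in the PR title. This is not the workflow file from this PR and not the project's own code; the file name, job name, severity filter and exit-code choice are assumptions.

```yaml
# Added example, not the workflow from this PR. Scans the repository branch
# that triggered the run (scan-type "fs" on the checkout) instead of the
# remote container image on GHCR.
name: Trivy scan of repo branch

on:
  pull_request:
  push:
    branches: [dev, master]

permissions:
  contents: read
  security-events: write # needed to upload SARIF to the Security tab

jobs:
  trivy-fs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the branch under review
        uses: actions/checkout@v3

      - name: Run Trivy against the local checkout (not the GHCR image)
        # Pin to a release tag or commit SHA in practice instead of @master.
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: "fs"
          scan-ref: "."
          format: "sarif"
          output: "trivy-results.sarif"
          ignore-unfixed: true
          severity: "CRITICAL,HIGH" # assumed threshold
          exit-code: "0" # report only; "1" would fail the job on findings

      - name: Upload results to GitHub code scanning
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: "trivy-results.sarif"
```

With `exit-code: "0"` the job reports findings in the repository's Security tab without blocking the PR, which matches the note in the checklist above that the CVEs are being addressed in separate PRs; once those land, switching to `exit-code: "1"` makes new CRITICAL/HIGH findings fail the check.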

@i-oden i-oden self-assigned this Jan 31, 2023
@i-oden i-oden requested a review from valyo January 31, 2023 12:37
@codecov

codecov bot commented Jan 31, 2023

Codecov Report

Merging #1377 (6253ec5) into dev (c32d147) will not change coverage.
The diff coverage is n/a.

❗ Current head 6253ec5 differs from pull request most recent head cfda08b. Consider uploading reports for the commit cfda08b to get more accurate results

@@           Coverage Diff           @@
##              dev    #1377   +/-   ##
=======================================
  Coverage   87.94%   87.94%           
=======================================
  Files          29       29           
  Lines        4147     4147           
=======================================
  Hits         3647     3647           
  Misses        500      500           


@i-oden i-oden marked this pull request as ready for review February 22, 2023 13:35
@i-oden i-oden removed the request for review from valyo February 22, 2023 14:12
@i-oden i-oden merged commit dd3b990 into dev Feb 22, 2023
@i-oden i-oden deleted the trivy-scan-local branch February 22, 2023 14:13