
Conversation

@scott-boost
Contributor

@scott-boost scott-boost commented Nov 14, 2025

Changelog

BST-17783: bump trivy version to 0.67.2 (#257)

scorecards workflow deletion

  • the scorecards workflow was deleted because
      • it was not really necessary and we'd need to update it because of the deprecated upload artifact
  • it was supposed to scan, create and publish an OpenSSF scorecard for the dev/scanner registry repo
      • it was never set up properly

Trivy secrets removal

  • tested by Martin

composition and SCI scanner update

  1. picks up ALL yaml files when scanning for azure pipeline tasks components as some customers don't use the default of azure-pipelines.yml
  2. bumped HoundDog from v1.8.0 to v2.3.0

@scott-boost scott-boost changed the title BST-17783: bump trivy version to 0.67.2 (#257) update scanner registry from dev registry Nov 14, 2025
The story that added this was aimed only at updating trivy-image since that's the only secret scanning we currently have for images.

For source-code, without proper benchmarking, we don't want to offer trivy secret scanning as an alternative to gitleaks. Maybe it will come but not for now.

This change will prevent the trivy-fs scans from bearing the "secrets" scan-type which shows up in the secret section of the scanner coverage.
@scott-boost scott-boost marked this pull request as ready for review November 17, 2025 13:59
@scott-boost scott-boost requested review from a team as code owners November 17, 2025 13:59
SUSTAPLE117 previously approved these changes Nov 17, 2025
# changes
the latest version of scanner composition:
1. picks up ALL yaml files when scanning for azure pipeline tasks components as some customers don't use the default of `azure-pipelines.yml`
2. bumped HoundDog from v1.8.0 to v2.3.0
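As an added example (not the project's own code), this shows the behaviour change described above: collecting Azure Pipelines task components from every `*.yml` / `*.yaml` file in a repository instead of only the default `azure-pipelines.yml`. The task-line regex and the sample repository contents are assumptions constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Matches task lines such as "- task: Docker@2" (regex is an assumption; the
# project's own component detection is not shown on the page).
TASK_RE = re.compile(
    r"^\s*-?\s*task:\s*['\"]?([A-Za-z0-9_.-]+@[0-9.]+)['\"]?\s*$", re.MULTILINE
)

def find_azure_tasks(repo_root: Path, all_yaml: bool = True) -> dict[str, list[str]]:
    """Return {relative path: [task@version, ...]} for each pipeline file found.

    all_yaml=False mirrors the old behaviour (only the default azure-pipelines.yml);
    all_yaml=True scans every *.yml / *.yaml file under the repo.
    """
    if all_yaml:
        candidates = sorted(p for p in repo_root.rglob("*") if p.suffix in (".yml", ".yaml"))
    else:
        candidates = [repo_root / "azure-pipelines.yml"]
    found: dict[str, list[str]] = {}
    for path in candidates:
        if not path.is_file():
            continue
        tasks = TASK_RE.findall(path.read_text(encoding="utf-8"))
        if tasks:
            found[path.relative_to(repo_root).as_posix()] = tasks
    return found

# Constructed sample repo: the default pipeline file, a renamed pipeline under ci/,
# and an unrelated YAML file that must not produce any components.
SAMPLE_FILES = {
    "azure-pipelines.yml": "trigger:\n- main\nsteps:\n- task: Docker@2\n  inputs:\n    command: build\n",
    "ci/release.yaml": "stages:\n- stage: Release\n  jobs:\n  - job: Publish\n    steps:\n"
                       "    - task: AzureCLI@2\n    - task: PublishBuildArtifacts@1\n",
    "config/app.yaml": "server:\n  port: 8080\n",
}

def build_sample_repo() -> Path:
    root = Path(tempfile.mkdtemp(prefix="ado-scan-"))
    for rel, text in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text, encoding="utf-8")
    return root

if __name__ == "__main__":
    root = build_sample_repo()
    print("default file only:", find_azure_tasks(root, all_yaml=False))
    print("all YAML files:   ", find_azure_tasks(root, all_yaml=True))
```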
@scott-boost
Contributor Author

scott-boost commented Nov 18, 2025

composition and sci testing checklist

@scott-boost
Contributor Author

scott-boost commented Nov 18, 2025

trivy update testing checklist

  • tested all of Trivy-fs, trivy-sbom, Trivy image SBOM, Trivy image, boost-sca on GitHub actions and sboms/vulns were extracted
  • tested all of Trivy-fs, trivy-sbom, Trivy image SBOM, Trivy image, boost-sca on Bitbucket pipelines and sboms/vulns were extracted
  • tested all of Trivy-fs, trivy-sbom, Trivy image SBOM, Trivy image, boost-sca on Gitlab pipelines and sboms/vulns were extracted
  • tested all of Trivy-fs, trivy-sbom, Trivy image SBOM, Trivy image, boost-sca on azure devops pipelines and sboms/vulns were extracted
  • tested all of Trivy-fs, trivy-sbom, Trivy image SBOM, Trivy image, boost-sca on circle-ci and sboms/vulns were extracted
  • successfully ran Trivy smoke tests here: https://github.com/boost-sandbox/module-tests-trivy/actions/runs/19377034225
