Trivy scan pre-release versions #9679

Open
bewebi opened this issue Jun 24, 2024 · 1 comment


bewebi commented Jun 24, 2024

Do you have a suggestion for code improvement or tracking existing technical debt? Please describe.

We currently only scan GA LTS versions of our images as part of our security scans and CVE documentation.
This can lead to missing CVEs that are in pre-release versions, especially if they are not also present in GA versions.

Describe the solution you'd like

We should scan and open issues for all released images, including prerelease images.

Additional Context

#9678 is a PR that addresses CVEs in v1.18.0-beta1, but there is no directly corresponding issue.
#9669 is the issue for v1.16.6, which led to the CVE scanning of v1.18.0-beta1 and identifying an additional CVE that was not identified in v1.16.6.

Gloo Portal has logic for accommodating prerelease versions in scans here

Also note that we should probably scan distroless images.
Adding those scans may fit neatly into this issue or may need to be a separate issue.
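
The coverage gap described in this issue, as an added example (not code from this repository or from Gloo Portal). It assumes scan targets are chosen as the newest tag on each MAJOR.MINOR release line; `parse`, `scanTargets` and `sampleTags` are hypothetical names, and the tag list is constructed around the two versions the issue mentions.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// sampleTags is a constructed tag list; v1.16.6 and v1.18.0-beta1 are the
// versions named in the issue, the rest are made up for illustration.
var sampleTags = []string{"v1.16.5", "v1.16.6", "v1.17.0-rc1", "v1.17.0", "v1.18.0-beta1"}

// parse splits a vMAJOR.MINOR.PATCH[-PRERELEASE] tag into its release line
// ("1.18"), a string key that orders tags within that line, and the prerelease id.
func parse(tag string) (string, string, string, bool) {
	core, pre, _ := strings.Cut(strings.TrimPrefix(tag, "v"), "-")
	var major, minor, patch int
	if n, err := fmt.Sscanf(core, "%d.%d.%d", &major, &minor, &patch); err != nil || n != 3 {
		return "", "", "", false
	}
	rank := pre // simplification: prerelease ids are compared as plain strings
	if pre == "" {
		rank = "~" // sorts after any prerelease id, so GA outranks its own betas
	}
	return fmt.Sprintf("%d.%d", major, minor), fmt.Sprintf("%06d-%s", patch, rank), pre, true
}

// scanTargets returns the newest tag of each release line, sorted. With
// includePrerelease false, a line that has only prerelease tags is never scanned.
func scanTargets(tags []string, includePrerelease bool) []string {
	best := map[string][2]string{} // release line -> {key, tag}
	for _, t := range tags {
		line, key, pre, ok := parse(t)
		if !ok || (pre != "" && !includePrerelease) {
			continue
		}
		if cur, seen := best[line]; !seen || key > cur[0] {
			best[line] = [2]string{key, t}
		}
	}
	out := []string{}
	for _, b := range best {
		out = append(out, b[1])
	}
	sort.Strings(out)
	return out
}

func main() {
	fmt.Println(scanTargets(sampleTags, false), scanTargets(sampleTags, true))
}
```

With GA-only selection the 1.18 line is missing from the target list entirely, so a CVE present only in v1.18.0-beta1 would never be reported.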
