Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: report vulnerabilities and fail on HIGH,CRITICAL #152

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

ci: report vulnerabilities and fail on HIGH,CRITICAL #152

wants to merge 2 commits into from

Conversation

cjdcordeiro
Copy link
Collaborator

  • Have you signed the CLA?

Problem

The current GH workflow runs the Trivy scan but doesn't react to its findings, exiting successfully even if there are vulnerabilities.

In this PR

This PR adds an additional Trivy execution that raises an error on HIGH and CRITICAL vulnerabilities. It also uploads the vulnerability report to the CI run and the GitHub Security dashboard (example)

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@cjdcordeiro
Copy link
Collaborator Author

@letFunny @rebornplusplus can we update the yaml module?

@cjdcordeiro cjdcordeiro requested review from letFunny and removed request for niemeyer August 7, 2024 12:00
@cjdcordeiro cjdcordeiro added the Simple Nice for a quick look on a minute or two label Aug 8, 2024
@cjdcordeiro
Copy link
Collaborator Author

needs #153 for CI to pass

@rebornplusplus
Copy link
Member

@letFunny @rebornplusplus can we update the yaml module?

Should be alright, yeah. Following should do it:

go get gopkg.in/yaml.v3
go mod tidy

If you want to take this chance and update everything:

go get -u
go mod tidy

@rebornplusplus
Copy link
Member

Oh, I see you raised #153 already!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rebornplusplus rebornplusplus rebornplusplus approved these changes

@letFunny letFunny letFunny approved these changes

@niemeyer niemeyer Awaiting requested review from niemeyer

Assignees

@niemeyer niemeyer

Labels
Simple Nice for a quick look on a minute or two
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@cjdcordeiro @rebornplusplus @letFunny @niemeyer