Add a step in CI for CVEs scanning #1478
Merged
+43
−0
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
This PR closes #1477. It uses trivy and has the following limitations:
.trivyignore
fileRelated issue / discussion
#1477
Additional information
Trivy is an easy-to-use, fast, and comprehensive open-source tool used by DevOps and security teams for vulnerability and infrastructure as code (IaC) scanning of containers and artifacts. Trivy is open-source and maintained by Aquasecurity, :
(Ref. https://bluelight.co/blog/how-to-set-up-trivy-scanner-in-gitlab-ci-guide)
Dependency policy (RFC2)
Updates to public demo
Contributions and licensing
(as per https://github.com/geopython/pygeoapi/blob/master/CONTRIBUTING.md#contributions-and-licensing)