Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create a CI task to scan Harvest's container for vulnerabilities #3213

Closed
cgrinds opened this issue Oct 16, 2024 · 1 comment · Fixed by #3217
Closed

Create a CI task to scan Harvest's container for vulnerabilities #3213

cgrinds opened this issue Oct 16, 2024 · 1 comment · Fixed by #3217
Labels
24.11 customer feature New feature or request status/done

Comments

@cgrinds
Copy link
Collaborator

cgrinds commented Oct 16, 2024

https://github.com/aquasecurity/trivy
https://github.com/anchore/grype

trivy image ghcr.io/netapp/harvest:nightly
2024-10-16T14:11:41-04:00	INFO	[vulndb] Need to update DB
2024-10-16T14:11:41-04:00	INFO	[vulndb] Downloading vulnerability DB...
2024-10-16T14:11:41-04:00	INFO	[vulndb] Downloading artifact...	repo="ghcr.io/aquasecurity/trivy-db:2"
54.26 MiB / 54.26 MiB [---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 8.51 MiB p/s 6.6s
2024-10-16T14:11:48-04:00	INFO	[vulndb] Artifact successfully downloaded	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-16T14:11:48-04:00	INFO	[vuln] Vulnerability scanning is enabled
2024-10-16T14:11:48-04:00	INFO	[secret] Secret scanning is enabled
2024-10-16T14:11:48-04:00	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-16T14:11:48-04:00	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-16T14:11:49-04:00	INFO	Detected OS	family="debian" version="12.7"
2024-10-16T14:11:49-04:00	INFO	[debian] Detecting vulnerabilities...	os_version="12" pkg_num=3
2024-10-16T14:11:49-04:00	INFO	Number of language-specific files	num=3
2024-10-16T14:11:49-04:00	INFO	[gobinary] Detecting vulnerabilities...

ghcr.io/netapp/harvest:nightly (debian 12.7)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
@cgrinds cgrinds added feature New feature or request customer labels Oct 16, 2024
@rahulguptajss rahulguptajss linked a pull request Oct 21, 2024 that will close this issue
ci: add trivy to CI #3217
Merged
@rahulguptajss rahulguptajss self-assigned this Oct 21, 2024
@rahulguptajss rahulguptajss removed their assignment Nov 4, 2024
@rahulguptajss
Copy link
Contributor

verified in main

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
24.11 customer feature New feature or request status/done
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ci: add trivy to CI NetApp/harvest
2 participants
@cgrinds @rahulguptajss