Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] action: add trivy ci for image vulnerability scan #390

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

imeoer
Copy link
Collaborator

@imeoer imeoer commented Mar 2, 2023

No description provided.

@codecov-commenter
Copy link

codecov-commenter commented Mar 2, 2023

Codecov Report

Patch coverage has no change and project coverage change: -0.08 ⚠️

Comparison is base (2fc62a6) 28.08% compared to head (e0dc454) 28.01%.

❗ Current head e0dc454 differs from pull request most recent head fc062f0. Consider uploading reports for the commit fc062f0 to get more accurate results

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #390      +/-   ##
==========================================
- Coverage   28.08%   28.01%   -0.08%     
==========================================
  Files          40       40              
  Lines        4084     4084              
==========================================
- Hits         1147     1144       -3     
- Misses       2798     2801       +3     
  Partials      139      139              
Impacted Files Coverage Δ
pkg/blob/blob_manager.go 29.59% <0.00%> (-3.07%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@@ -0,0 +1,20 @@
name: CI
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should rename the action name. something like scan vulnerability ?

sudo dpkg -i trivy_0.38.0_Linux-64bit.deb
- name: Scan Image
run: |
trivy image --timeout 60m ghcr.io/containerd/nydus-snapshotter:latest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is the image hcr.io/containerd/nydus-snapshotter:latest built and uploaded?

push:
branches: ["*"]
pull_request:
branches: [main]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose we don't have to check it on events push and pull_request, a corn job should be ok

@imeoer imeoer changed the title action: add trivy ci for image vulnerability scan [WIP] action: add trivy ci for image vulnerability scan Mar 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants