Run container scan during building of service/app owner apps - Githubissues

Altinn / altinn-studio

Next generation open source Altinn platform and applications.

https://docs.altinn.studio

BSD 3-Clause "New" or "Revised" License

115 stars 70 forks source link

Run container scan during building of service/app owner apps #5940

Open ghost opened 3 years ago

ghost commented 3 years ago

Description

The pipeline should invoke container scan to see if there are any vulnerabilities in the built container image

Acceptance criteria

[ ] Vulnerabilities are visible in the logs for the app owner

Development tasks

[ ] Add container scan to app image pipeline

Definition of done

Verify that this issue meets DoD (Only for project members) before closing.

[ ] Documentation is updated (if relevant)
- [ ] Technical documentation (docs.altinn.studio)
- [ ] User documentation (altinn.github.io/docs)
[ ] QA
[ ] Manual test is complete (if relevant)
[ ] Automated test is implemented (if relevant)
[ ] All tasks in this userstory are closed (i.e. remaining tasks are moved to other user stories or marked obsolete)

SandGrainOne commented 1 year ago

@FinnurO I would consider this a Studio feature. The analysis, build and deploy pipelines for apps should be owned by the studio team.