Open larryclaman opened 2 years ago
@larryclaman Scanitizer is internal to the GitHub org, hence you are not able to see the repo contents. But yes, we maintain it. Is there any concern you want to share?
@koushdey It's really just a general level of comfort that I'm looking for. As I noted, the guidance for container-scan advises me to run scanitizer to maintain my CVE lists. As far as I can tell, there's ZERO documentation about scanitizer; the page at https://github.com/apps/scanitizer is devoid of any useful info (see screenshot below) such as FAQ, version, last updated, etc., and the link to the website https://github.com/github/scanitizer/ returns a 404 as I noted. Nor does a Google/Bing search for scanitizer return any information. In this context, it's reasonable to conclude that the project may have been abandoned.
Yet, I am being asked to install this application within my repo which wants 'Read and write access to checks, code, issues, and pull requests'. I think it's reasonable to want some more information about the application before I install it with these permissions.
This issue is idle because it has been open for 14 days with no activity.
@koushdey Same issue here. Is scanitizer not meant to be used by folks outside Microsoft? If so, can this comment be added to the container-scan README? If not, can some documentation be provided on how to use scanitizer to manage the allowlist?
@raoganeshr @larryclaman I will discuss this with the PM as to what info we can share about the scanitizer app. I agree documentation is needed here. Will get back with an update.
Hi @koushdey any update on this?
@koushdey any update?
The container-scan docs say "Install Scanitizer (currently in Beta) on your repository for more convenient management of allowedlist file." The link for Scanitizer takes me to https://github.com/apps/scanitizer, but there's virtually no information on this page. There's a link on that page that is supposed to be the scanitizer repo (https://github.com/github/scanitizer/), but that link returns a 404 not found error.