CDLUC3 / dmptool

DMPTool version of the DMPRoadmap codebase
https://dmptool.org
MIT License

Incorporate Trivy scans into build scripts for containers #583

Closed marisastrong closed 1 month ago

marisastrong commented 2 months ago

As we build out containers for DMP infrastructure, we should consider adding Trivy to the build process. This will identify any vulnerabilities before images are published or pushed out.

https://github.com/CDLUC3/mrt-doc/issues/1488 - has some information on how the Merritt team did this for their containers

IAS has a new tool to easily review any known vulnerabilities which are included in their Trivy scans. Any containers registered in ECR in all AWS accounts that have a known vulnerability will be listed in the tool. We can ask Martin to demo at our next IAS meeting.
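
The build step proposed in the comment above, as an added example that is not part of the issue thread and is not code from the DMPTool or Merritt repositories: the image is built, scanned with Trivy, and pushed only when the scan finds nothing at the chosen severity. The use of `docker`, the `HIGH,CRITICAL` threshold, `--ignore-unfixed`, and the `DOCKER`/`TRIVY`/`SEVERITY` override variables are assumptions.

```shell
#!/bin/sh
# Added example: gate an image push on a Trivy scan.
# Assumptions: docker is the build tool, and HIGH/CRITICAL findings block the push.

DOCKER="${DOCKER:-docker}"            # override to use another compatible CLI
TRIVY="${TRIVY:-trivy}"
SEVERITY="${SEVERITY:-HIGH,CRITICAL}" # severities that fail the build

scan_image() {
  # --exit-code 1     : trivy exits non-zero when matching findings exist
  # --severity        : only findings at these levels count
  # --ignore-unfixed  : skip findings that have no fixed version yet
  "$TRIVY" image --exit-code 1 --severity "$SEVERITY" --ignore-unfixed "$1"
}

build_scan_push() {
  image="$1"
  context="${2:-.}"

  # Return 2 if the build itself fails, so callers can tell it from a scan failure.
  "$DOCKER" build -t "$image" "$context" || return 2

  # Scan the locally built image before it reaches any registry.
  if ! scan_image "$image"; then
    echo "trivy reported $SEVERITY findings in $image; not pushing" >&2
    return 1
  fi

  "$DOCKER" push "$image"
}

# Run only when an image reference is given, e.g.:
#   ./build.sh <registry>/<repository>:<tag> .
if [ "$#" -ge 1 ]; then
  build_scan_push "$@"
fi
```

A non-zero exit from this script fails the surrounding CI job, so an image with blocking findings never reaches the registry.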

briri commented 1 month ago

moving this to the dmsp_aws_prototype repo