As we build out containers for DMP infrastructure we should consider including adding trivy to the build process. This will identify any vulnerabilities before images are published or pushed out.
IAS has a new tool to easily review any known vulnerabilities which are included in their trivy scans. Any containers registered in ECR in all AWS accounts that have a known vulnerability will be listed the tool. We can ask Martin to demo at our next IAS meeting
As we build out containers for DMP infrastructure we should consider including adding trivy to the build process. This will identify any vulnerabilities before images are published or pushed out.
https://github.com/CDLUC3/mrt-doc/issues/1488 - has some information on how the Merritt team did this for their containers
IAS has a new tool to easily review any known vulnerabilities which are included in their trivy scans. Any containers registered in ECR in all AWS accounts that have a known vulnerability will be listed the tool. We can ask Martin to demo at our next IAS meeting