GenomicDataInfrastructure / gdi-userportal-ckan-docker

Scripts and images to run CKAN using Docker Compose

Vulnscan #76

Closed sehaartuc closed 3 months ago

sehaartuc commented 3 months ago

Summary by Sourcery

Introduced a new CI workflow to automate weekly vulnerability scans on Docker images, leveraging Trivy for image scanning and ORT for open-source software analysis.

sourcery-ai[bot] commented 3 months ago

Reviewer's Guide by Sourcery

This pull request introduces a new GitHub Actions workflow to automate the weekly vulnerability scanning of Docker images. The workflow is scheduled to run every Monday at 14:00 UTC and can also be triggered manually. It fetches the latest two semantically versioned Docker images, scans them for critical and high severity vulnerabilities using Trivy, and performs additional analysis using the OSS Review Toolkit (ORT).

File-Level Changes

| File | Changes |
| --- | --- |
| .github/workflows/weekly_vuln_scan.yml | Introduced a new GitHub Actions workflow to automate weekly vulnerability scanning of Docker images using Trivy and ORT. |

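The tag selection and Trivy scan that the reviewer's guide describes, as an added shell example that is not part of this pull request or the repository's `weekly_vuln_scan.yml`: it takes a registry tag listing (constructed inline), keeps the two highest semantically versioned tags, and scans each image with Trivy so that only CRITICAL and HIGH findings fail the job. The image name `ghcr.io/example/ckan`, the `DRY_RUN` switch, the sample tag list and the treatment of pre-release tags are assumptions; the ORT step and the GitHub Actions wrapper around these commands are not shown.

```shell
#!/usr/bin/env bash
# Added example, not the repository's workflow: pick the two newest release
# tags from a registry tag listing and scan each image with Trivy.
set -eu

# Keep only release tags of the form v1.2.3 or 1.2.3 (pre-releases such as
# v2.0.0-rc1 and moving tags such as latest/main are dropped), order them by
# version number (sort -V knows 1.10 > 1.9), and emit the highest COUNT tags,
# newest first. Reads the tag listing from stdin, one tag per line.
latest_semver_tags() {
  count="${1:-2}"
  grep -E '^v?[0-9]+\.[0-9]+\.[0-9]+$' | sort -rV | sed -n "1,${count}p"
}

# The Trivy invocation used for every image: report only CRITICAL and HIGH
# findings, skip vulnerabilities that have no fix yet, and return exit code 1
# when anything is found so the CI job fails.
trivy_cmd() {
  printf 'trivy image --severity CRITICAL,HIGH --ignore-unfixed --exit-code 1 %s\n' "$1"
}

# Scan IMAGE:TAG for every TAG given. With DRY_RUN=1 (the default here, so the
# script is safe to run without a registry) the command is only printed.
scan_images() {
  image="$1"; shift
  for tag in "$@"; do
    ref="${image}:${tag}"
    if [ "${DRY_RUN:-1}" = "1" ]; then
      echo "would run: $(trivy_cmd "$ref")"
    else
      trivy image --severity CRITICAL,HIGH --ignore-unfixed --exit-code 1 "$ref"
    fi
  done
}

# Constructed sample standing in for the registry's tag listing (assumption).
SAMPLE_TAGS='latest
main
v1.9.1
v1.10.0
v2.0.0-rc1
v1.2.0
v2.0.0'

IMAGE="ghcr.io/example/ckan"   # placeholder image name (assumption)
tags=$(printf '%s\n' "$SAMPLE_TAGS" | latest_semver_tags 2)
n=$(printf '%s\n' "$tags" | grep -c . || true)
if [ "$n" -lt 2 ]; then
  echo "warning: only $n release tag(s) found, scanning what is available" >&2
fi
# shellcheck disable=SC2086  # splitting $tags on newlines is intended here
scan_images "$IMAGE" $tags
```

Run with `DRY_RUN=0` on a machine with Trivy installed to perform the real scan; in the workflow the same commands sit behind a `schedule` trigger (`cron: '0 14 * * 1'` is Monday 14:00 UTC, since GitHub Actions evaluates cron expressions in UTC) and a `workflow_dispatch` trigger for manual runs. Filtering on a strict `MAJOR.MINOR.PATCH` pattern is a deliberate choice: `sort -V` would otherwise rank `v2.0.0-rc1` between `v1.x` and `v2.0.0`, and scanning a release candidate instead of the shipped image defeats the purpose of the weekly check.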
sonarcloud[bot] commented 3 months ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud