Today trivy-checks bundles are released manually, usually once a month in time for the next trivy release.
We could automate this process by defining the trigger for a bundle release on time. That way, we could schedule a new bundle release every 24h (as an example).
This automatically generated bundle could use the :latest tag. This would ensure that downstream Trivy users don't automatically pick it up but instead can choose to if they manually specify to do so. For the time being we would still generate a tag each month to cut a new tagged release of the bundle which downstream trivy users can use.
Requires https://github.com/aquasecurity/trivy/issues/7029 to be in place as we will need to make sure the automatically released bundles don't cause breakages in any way.