aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0
22.1k stars 2.18k forks

feat(checks): Schedule automated releases for trivy-checks bundles #7030

Open simar7 opened 1 week ago

simar7 commented 1 week ago

Today trivy-checks bundles are released manually, usually once a month in time for the next trivy release.

We could automate this process by defining the trigger for a bundle release on time. That way, we could schedule a new bundle release every 24h (as an example).

This automatically generated bundle could use the :latest tag. This would ensure that downstream Trivy users don't automatically pick it up but instead can choose to if they manually specify to do so. For the time being we would still generate a tag each month to cut a new tagged release of the bundle which downstream Trivy users can use.

Requires https://github.com/aquasecurity/trivy/issues/7029 to be in place as we will need to make sure the automatically released bundles don't cause breakages in any way.
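One way the proposal above could be wired up as a GitHub Actions workflow, added here as an illustration and not taken from trivy-checks or trivy: a scheduled run publishes the bundle under a rolling tag, while a pushed git tag publishes a versioned one. The `make bundle` target, the `bundle.tar.gz` output name, the OPA artifact media types, and publishing via oras to GHCR are assumptions for the example; the rolling tag is `latest` only because that is what the comment proposes.

```yaml
# Added example workflow (not the trivy-checks project's own).
# Two triggers, one job: the tag pushed to the registry depends on the trigger.
name: bundle-release

on:
  schedule:
    - cron: '0 0 * * *'   # every 24h, as suggested in the proposal
  push:
    tags: ['v*']          # the monthly tagged release
  workflow_dispatch:      # allow a manual run for testing

# Least privilege: the job only needs to read the repo and write packages.
permissions:
  contents: read
  packages: write

jobs:
  bundle:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: oras-project/setup-oras@v1

      - name: Log in to GHCR
        run: echo "${{ secrets.GITHUB_TOKEN }}" | oras login ghcr.io -u "${{ github.actor }}" --password-stdin

      - name: Build bundle
        run: make bundle   # assumed target that produces bundle.tar.gz

      - name: Pick the registry tag from the trigger
        id: tag
        run: |
          if [ "${{ github.event_name }}" = "push" ]; then
            # tag push v1.2.3 -> bundle tag 1.2.3
            echo "tag=${GITHUB_REF_NAME#v}" >> "$GITHUB_OUTPUT"
          else
            # scheduled / manual run -> rolling tag proposed in the issue
            echo "tag=latest" >> "$GITHUB_OUTPUT"
          fi

      - name: Push bundle
        run: |
          oras push "ghcr.io/${{ github.repository }}:${{ steps.tag.outputs.tag }}" \
            --artifact-type application/vnd.cncf.openpolicyagent.config.v1+json \
            bundle.tar.gz:application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip
```

The one thing this layout does not settle is the name of the rolling tag: if consumers already resolve `latest` by default, a scheduled push to it is picked up automatically rather than opt-in, so the tag for the scheduled artifact needs to be chosen with the client's default in mind.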

simar7 commented 1 week ago

cc @chen-keinan

nikpivkin commented 1 week ago

Did you mean some other tag for automatically released bundles, not latest? Right now Trivy automatically loads a bundle with the tag latest.