berkeley-dsep-infra / datahub

JupyterHubs for use by Berkeley enrolled students

https://docs.datahub.berkeley.edu

BSD 3-Clause "New" or "Revised" License

65 stars 39 forks source link

Consider enabling vulnerability scanning in artifact settings #4502

Open ryanlovett opened 1 year ago

ryanlovett commented 1 year ago

Summary

Google can scan docker images pushed to our artifact registry for vulnerabilities. This might give us early warning about security issues, and I suspect is most relevant to our hub images.

GitHub has a similar service, though it would scan the repo rather than the images.

Perhaps we can turn it on and see what sort of notifications we get before deciding on how we would respond to them.

User Stories

As an infrastructure admin, I want to ensure that all deployed images have no known vulnerabilities.

Important information

https://console.cloud.google.com/artifacts/settings

shaneknapp commented 7 months ago

i enabled this in the GCP console... now we wait and see what drama ensues!