berkeley-dsep-infra / datahub

JupyterHubs for use by Berkeley enrolled students
https://docs.datahub.berkeley.edu
BSD 3-Clause "New" or "Revised" License

Consider enabling vulnerability scanning in artifact settings #4502

Open ryanlovett opened 1 year ago

ryanlovett commented 1 year ago

Summary

Google can scan Docker images pushed to our artifact registry for vulnerabilities. This might give us early warning about security issues, and I suspect it is most relevant to our hub images.

GitHub has a similar service, though it would scan the repo rather than the images.

Perhaps we can turn it on and see what sort of notifications we get before deciding on how we would respond to them.

User Stories

Important information

https://console.cloud.google.com/artifacts/settings

shaneknapp commented 7 months ago

i enabled this in the GCP console... now we wait and see what drama ensues!