orfeas-k
commented
11 months ago Reiterating, I think that we may not need to do this actually since seldon-core-operator doesn't deploy this image directly. In one of our discussions, @i-chvets mentioned that "mlserver is Seldon ROCK, but not used in Seldon" (see #62 about how mlserver* ROCKs are built upstream).
Thus, if the goal of this CI is to detect all CVEs of images used in CKF, we should be fine skipping this.
What needs to get done
Add
mlserverrock to build_and_scan_rocks workflowWhy it needs to get done
During https://github.com/canonical/seldonio-rocks/pull/40, we forgot to add
mlserverto build_and_scan_rocks workflow.We need to add it in order to ensure we do not miss any CVEs from the final report