Closed willtsai closed 3 days ago
| Name | Link |
|---|---|
| Latest commit | f891e792901213a717d1b6004018404e00dbb745 |
| Latest deploy log | https://app.netlify.com/sites/lucky-concha-f3599f/deploys/66f3453829262f0008ca555e |
@maoo please take a look at this - I think we have some other options in terms of image scanner. I've added the one you suggested in https://github.com/finos/traderX/pull/225#issuecomment-2368876109, but it looks like there is an "official" image scanner from Trivy actions/aqua-security-trivy. Let me know which one you'd prefer to use for this; it should be easy to swap them out.
@maoo - actually, I've noticed that there is already a scanner in place for the dockerfiles here .github/workflows/security.yml -- do you still think we need to add it here as a part of the image publishing job? Or is scanning the dockerfiles on a scheduled cadence good enough already?
I'd put a scan into the publishing job as well so that it only publishes when the scan is successful. We can keep it in both locations so we find out periodically as well as when attempting to publish.
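The scan-gated publish job described above, as an added example workflow (not traderX's own `.github/workflows` code and not the PR's diff): the image is built and loaded into the runner's Docker daemon without being pushed, Trivy scans it with a non-zero exit code on HIGH/CRITICAL findings, and the push step runs only if the scan step succeeds. The image name `ghcr.io/<repo>/example-service`, the Dockerfile path, the `v*` tag trigger and the action version tags are assumptions for illustration; the action used is Aqua's `aquasecurity/trivy-action`, one of the two options the thread is choosing between. Pin action versions to commit SHAs rather than tags before using this in a real publishing job.

```yaml
name: Publish image (scan-gated)

on:
  push:
    tags: ['v*']          # assumed trigger: publish on release tags

permissions:
  contents: read
  packages: write         # needed to push to GHCR

env:
  # Assumed image name; substitute the service's real registry path.
  IMAGE: ghcr.io/${{ github.repository }}/example-service

jobs:
  build-scan-publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: docker/setup-buildx-action@v3

      # Build locally only: the image is loaded into the runner's Docker daemon
      # and is NOT pushed, so a failed scan leaves nothing in the registry.
      - name: Build image (no push)
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./example-service/Dockerfile   # assumed path
          load: true
          push: false
          tags: ${{ env.IMAGE }}:${{ github.ref_name }}

      # Gate: Trivy exits 1 when any HIGH/CRITICAL finding exists, which fails
      # this step and therefore skips every later step, including the push.
      - name: Scan image with Trivy
        uses: aquasecurity/trivy-action@0.24.0
        with:
          image-ref: ${{ env.IMAGE }}:${{ github.ref_name }}
          format: table
          exit-code: '1'
          ignore-unfixed: true       # don't block on findings with no fix available
          vuln-type: os,library
          severity: CRITICAL,HIGH

      # Only reached when the scan step succeeded.
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Push image
        run: docker push "${IMAGE}:${GITHUB_REF_NAME}"
```

`ignore-unfixed: true` keeps the gate actionable (a finding with no upstream fix would otherwise block every release); the scheduled scan already in `security.yml` can stay unfiltered so those findings are still reported periodically. Logging in after the scan rather than before means registry credentials are never in play for an image that failed the gate.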
Adding a CI image vulnerability scanner to the project as per comments in https://github.com/finos/traderX/pull/225#issuecomment-2368876109