geopython / pycsw

pycsw is an OGC CSW server implementation written in Python. pycsw fully implements the OpenGIS Catalogue Service Implementation Specification [Catalogue Service for the Web]. Initial development started in 2010 (more formally announced in 2011). The project is certified OGC Compliant, and is an OGC Reference Implementation. pycsw allows for the publishing and discovery of geospatial metadata via numerous APIs (CSW 2/CSW 3, OpenSearch, OAI-PMH, SRU). Existing repositories of geospatial metadata can also be exposed, providing a standards-based metadata and catalogue component of spatial data infrastructures. pycsw is Open Source, released under an MIT license, and runs on all major platforms (Windows, Linux, Mac OS X). Please read the docs at https://pycsw.org/docs for more information.
https://pycsw.org
MIT License

add Dockerfile CVE check, update vulnerability scanning to use trivy action #941

Open tomkralidis opened 6 months ago

tomkralidis commented 6 months ago

Overview

add Dockerfile CVE check, update vulnerability scanning to use trivy action

Related Issue / Discussion

None

Additional Information

None

Contributions and Licensing

(as per https://github.com/geopython/pycsw/blob/master/CONTRIBUTING.rst#contributions-and-licensing)

kalxas commented 3 months ago

Testing only the docker image for vulnerabilities could give the impression that all deployment methods are tested as well.

In order to pass the tests here, we would also need to change the base docker image and put in effort to catch up with OS security patches.