hyperledger / cacti

Hyperledger Cacti is a new approach to the blockchain interoperability problem
https://wiki.hyperledger.org/display/cactus
Apache License 2.0
323 stars 277 forks

docs(devcontainer): add trivy and its VSCode Extension #2650

Open petermetz opened 10 months ago

petermetz commented 10 months ago

Description

As a contributor I want to have a way to conveniently run a trivy security scan on my branches locally so that I'm getting much faster feedback about checks that will fail on the CI (we ran trivy checks for container scanning).

https://github.com/aquasecurity/trivy-vscode-extension

Acceptance Criteria

  1. The dev container image is updated so that it ships with the trivy binary
  2. The dev container configuration file is updated so that the VSCode extension is part of the recommended extensions: https://marketplace.visualstudio.com/items?itemName=AquaSecurityOfficial.trivy-vulnerability-scanner (AquaSecurityOfficial.trivy-vulnerability-scanner)
  3. The .vscode/extensions.json file is also updated so that the scanner is part of the extensions there as well
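
One way to check the three acceptance criteria above from inside the dev container, as an added example that is not part of the issue or the Cacti code base. It assumes the dev container configuration lives at the conventional `.devcontainer/devcontainer.json` and lists the extension under `customizations.vscode.extensions`; the function names and sample files are hypothetical.

```python
import json
import re
import shutil
from pathlib import Path

EXT_ID = "AquaSecurityOfficial.trivy-vulnerability-scanner"  # ID given in the issue

# devcontainer.json and extensions.json are JSON-with-comments. Match strings first so
# that "//" inside a URL survives, then drop // and /* */ comments. Trailing commas are
# not handled here and will raise a JSONDecodeError.
_JSONC = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def load_jsonc(text):
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return json.loads(_JSONC.sub(keep_strings, text))

def has_ext(ids):
    # VS Code treats extension IDs case-insensitively.
    return EXT_ID.lower() in {str(i).lower() for i in ids or []}

def check_criteria(devcontainer_text, extensions_text, trivy_path):
    dev = load_jsonc(devcontainer_text)
    rec = load_jsonc(extensions_text)
    dev_exts = dev.get("customizations", {}).get("vscode", {}).get("extensions")
    return {
        "trivy_binary": trivy_path is not None,                 # criterion 1
        "devcontainer_extension": has_ext(dev_exts),            # criterion 2
        "workspace_recommendation": has_ext(rec.get("recommendations")),  # criterion 3
    }

def check_repo(root="."):
    # Assumed paths; adjust if the repository keeps its dev container config elsewhere.
    root = Path(root)
    return check_criteria(
        (root / ".devcontainer/devcontainer.json").read_text(encoding="utf-8"),
        (root / ".vscode/extensions.json").read_text(encoding="utf-8"),
        shutil.which("trivy"),
    )

# Constructed sample files, not taken from the Cacti repository.
SAMPLE_DEVCONTAINER = """{
  // constructed sample
  "image": "registry.example.invalid/devcontainer:latest", /* placeholder */
  "customizations": {"vscode": {"extensions": [
    "aquasecurityofficial.trivy-vulnerability-scanner"]}}
}"""
SAMPLE_EXTENSIONS = '{"recommendations": ["example.some-other-extension"]}'

if __name__ == "__main__":
    print(check_criteria(SAMPLE_DEVCONTAINER, SAMPLE_EXTENSIONS, shutil.which("trivy")))
```

Run `check_repo()` from the repository root inside the dev container; the `trivy_binary` result only reflects the image when the script runs there rather than on the host.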

ashnashahgrover commented 1 month ago

Working on this task.