kubeflow / katib

Automated Machine Learning on Kubernetes
https://www.kubeflow.org/docs/components/katib
Apache License 2.0

Automatic and regular security scanning for container images #2095

Open tenzen-y opened 1 year ago

tenzen-y commented 1 year ago

/kind feature

Describe the solution you'd like

Currently, we manually scan container images to resolve security issues just before we release the new version of katib.

However, this is inefficient, and we should scan container images regularly, not only just before releasing.

It might be better to run OSS tools for security scanning like the following on GitHub Actions:

ref: #2094

Anything else you would like to add:


Love this feature? Give it a 👍 We prioritize the features with the most 👍
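The request above is for a scan that runs on a schedule rather than only at release time. As an added example (not a workflow from the katib repository, and the issue itself does not name a scanner), the following GitHub Actions workflow uses Trivy via the aquasecurity/trivy-action to scan a set of published images weekly, uploads the results as SARIF to the repository's code-scanning view, and fails the job when unfixed-filtered CRITICAL or HIGH findings remain. The image references, schedule and severity threshold are assumptions chosen for illustration.

```yaml
# Added example, not part of kubeflow/katib: a scheduled GitHub Actions
# workflow that scans already-published container images with Trivy.
# Image names, cron schedule and thresholds are assumptions, not project values.
name: scheduled-image-scan

on:
  schedule:
    # Weekly, Monday 03:00 UTC. A scan on a cadence catches CVEs published
    # after a release, which a release-time-only scan never sees.
    - cron: "0 3 * * 1"
  workflow_dispatch: {}   # allow a manual run, e.g. right before cutting a release

permissions:
  contents: read
  security-events: write  # required to upload SARIF results to the Security tab

jobs:
  scan:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false      # a finding in one image must not hide the results for the others
      matrix:
        # Placeholder image references: replace with the project's published images.
        image:
          - "docker.io/EXAMPLE_ORG/EXAMPLE_IMAGE_A:latest"
          - "docker.io/EXAMPLE_ORG/EXAMPLE_IMAGE_B:latest"
    steps:
      - name: Scan image with Trivy
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ matrix.image }}
          format: sarif
          output: trivy-results.sarif
          severity: CRITICAL,HIGH
          ignore-unfixed: true   # hide findings with no upstream fix yet; remove to report everything
          exit-code: "1"         # non-zero exit marks the job failed when findings remain

      - name: Upload results to GitHub code scanning
        # Runs even when the scan step failed, so the findings are still recorded.
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif
          category: trivy-image-${{ strategy.job-index }}
```

A scheduled workflow runs against the repository's default branch, so it only covers images that are already published; the same job can additionally be triggered on tag pushes to gate a release. Keep `ignore-unfixed: true` deliberate: it removes noise, but it also means a vulnerability with no vendor fix yet is not reported until one exists.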

andreyvelich commented 1 year ago

Thanks for creating this @tenzen-y! The Kubeflow community recently started a discussion around security: https://github.com/kubeflow/kubeflow/issues/6662. They are planning to establish a Security WG in Kubeflow.

I think we should include this issue in the ROADMAP.

tenzen-y commented 1 year ago

@andreyvelich Thanks for letting me know!

I think we should include this issue in the ROADMAP.

Does that mean we must work on this until tomorrow? I may not have enough time today.

andreyvelich commented 1 year ago

Does that mean we must work on this until tomorrow?

No, we don't have hard requirements to scan all images before the release. We are planning to establish a process after Kubeflow 1.7.

tenzen-y commented 1 year ago

Does that mean we must work on this until tomorrow?

No, we don't have hard requirements to scan all images before the release. We are planning to establish a process after Kubeflow 1.7.

Ah, I see. Sounds good.

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

tenzen-y commented 1 year ago

/lifecycle frozen

juliusvonkohout commented 1 year ago

@difince wants to work on that as part of the security working group.

We already did scans for 1.7 and want to automate them for 1.9.