Status: Closed (hansinikarunarathne closed 2 weeks ago)
Please extend and rename the extract_images script to provide all of this information at once. You can still name it trivy_scan.sh. Please provide per working group and total information similar to the extract_images scripts.
So trivy_scan.sh should do all of this.
For non-pullable images you can just output a warning and ignore them otherwise.
You need to generate per working group lists and a total list and generate this table:
WG1_images.txt WG1_CVEs.json WG2_images.txt WG2_CVEs.json ... total_images.txt total_CVEs.json
Afterwards you can add a GitHub Action workflow to generate this table on merges to master.
Please be aware of https://github.com/kubeflow/manifests/pull/2733
I automated the trivy_scan process and created a GitHub Action to run the trivy_scanning process and print the table. You can find my GitHub Action in my forked repository of Kubeflow: https://github.com/hansinikarunarathne/kubeflow-manifests/actions/runs/9431495509
screenshot of the table
The dependencies should be checked and installed if not available, e.g. prettytable and trivy, if someone runs this locally on Ubuntu or Fedora.
/lgtm /approve
Let's follow up with the remaining stuff in a new PR.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: juliusvonkohout
https://github.com/kubeflow/manifests/actions/runs/9463132552/job/26067629950 will be interesting.
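The aggregation step discussed in this thread, as an added example that is not the PR's code: it turns Trivy JSON reports into per working group and total severity counts, warns about and skips non-pullable images, and counts an image shared by two working groups once in the total. The working group names, image names, vulnerability IDs and table columns are constructed assumptions; only the `Results[].Vulnerabilities[]` report shape is Trivy's.

```python
import sys
from collections import Counter

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW")  # UNKNOWN is ignored here

def count_severities(reports):
    """Count unique (image, vulnerability id) pairs per severity."""
    seen, counts = set(), Counter()
    for image, report in reports.items():
        if report is None:  # image could not be pulled: warn and ignore
            print(f"WARNING: could not pull {image}, skipping", file=sys.stderr)
            continue
        for result in report.get("Results", []):
            # Trivy omits or nulls "Vulnerabilities" when a target is clean.
            for vuln in result.get("Vulnerabilities") or []:
                key = (image, vuln["VulnerabilityID"])
                if key not in seen and vuln.get("Severity") in SEVERITIES:
                    seen.add(key)
                    counts[vuln["Severity"]] += 1
    return counts

def summarize(per_wg):
    """per_wg: {wg: {image: report_or_None}} -> {wg: Counter} plus 'total'."""
    rows, merged = {}, {}
    for wg, reports in per_wg.items():
        rows[wg] = count_severities(reports)
        # Keying by image name means a shared image is counted once in total.
        merged.update({i: r for i, r in reports.items() if r is not None})
    rows["total"] = count_severities(merged)
    return rows

def render(rows):
    lines = [f"{'Working group':<16}" + "".join(f"{s:>10}" for s in SEVERITIES)]
    for wg, c in rows.items():
        lines.append(f"{wg:<16}" + "".join(f"{c[s]:>10}" for s in SEVERITIES))
    return "\n".join(lines)

def _report(*vulns):  # builds a constructed report in Trivy's JSON shape
    return {"Results": [{"Target": "os", "Vulnerabilities": [
        {"VulnerabilityID": i, "Severity": s} for i, s in vulns]}]}

SAMPLE = {  # constructed data, placeholder IDs
    "wg-a": {"registry.example/a:1": _report(("CVE-EXAMPLE-0001", "CRITICAL"),
                                             ("CVE-EXAMPLE-0002", "HIGH")),
             "registry.example/shared:1": _report(("CVE-EXAMPLE-0003", "HIGH"))},
    "wg-b": {"registry.example/shared:1": _report(("CVE-EXAMPLE-0003", "HIGH")),
             "registry.example/gone:9": None},  # simulated pull failure
}

if __name__ == "__main__":
    print(render(summarize(SAMPLE)))
```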