kyverno / kyverno

Cloud Native Policy Management
https://kyverno.io
Apache License 2.0

[Feature] Move Nancy scan to a periodic job #10680

Closed realshuting closed 2 months ago

realshuting commented 3 months ago

Problem Statement

Currently the Nancy scan runs upon each PR, which is not necessary: https://github.com/kyverno/kyverno/blob/main/.github/workflows/nancy.yaml

It would be good to move the Nancy scan job to a daily periodic task.

Solution Description

Similar to what we did for Trivy scan, we can do the same for the Nancy scan and create GitHub issues for detected CVEs:

https://github.com/kyverno/kyverno/blob/main/.github/workflows/report-on-vulnerabilities.yaml

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research
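A sketch of the kind of scheduled workflow the issue proposes, added here as an example; it is not the project's `nancy.yaml` or `report-on-vulnerabilities.yaml`. The workflow name, cron time, issue title and the assumption that `go.mod` sits at the repository root are all illustrative.

```yaml
# Added example (hypothetical workflow, not taken from the kyverno repository).
name: nancy-scheduled-scan          # assumed name

on:
  schedule:
    - cron: "0 6 * * *"             # once a day at 06:00 UTC (time chosen for illustration)
  workflow_dispatch: {}             # manual re-run after a dependency bump

# Least privilege: read the code, write issues, nothing else.
permissions:
  contents: read
  issues: write

jobs:
  nancy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod   # assumes go.mod at the repository root

      # Nancy audits the dependency list produced by the Go toolchain.
      - name: Write dependency list
        run: go list -json -deps ./... > go.list

      # The action reads go.list and fails the step when Nancy exits non-zero.
      # Pin third-party actions to a full commit SHA in real use.
      - name: Run Nancy
        id: nancy
        uses: sonatype-nexus-community/nancy-github-action@main

      # Open one tracking issue per finding period instead of failing PRs.
      # A non-vulnerability failure (e.g. network error) also lands here,
      # so the issue links to the run for triage.
      - name: File an issue when the scan fails
        if: failure() && steps.nancy.outcome == 'failure'
        env:
          GH_TOKEN: ${{ github.token }}
          TITLE: "Nancy scan: vulnerable Go dependencies detected"   # assumed title
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        run: |
          # Skip creation if an open issue with the same title already exists.
          open=$(gh issue list --state open --search "\"$TITLE\" in:title" --json number --jq 'length')
          if [ "$open" -eq 0 ]; then
            gh issue create --title "$TITLE" --body "Nancy failed in the scheduled run: $RUN_URL"
          fi
```

Dropping the `pull_request` trigger means a vulnerable dependency introduced by a PR is reported at the next scheduled run rather than at review time, which is the trade-off the issue accepts.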

lavishpal commented 3 months ago

Hi @realshuting, could you assign this issue to me?

Denish3436 commented 2 months ago

Hey, @lavishpal I hope you're doing well. I wanted to check if you are still addressing this issue. If not, I would greatly appreciate the chance to understand and work on resolving it.

lavishpal commented 2 months ago

> Hey, @lavishpal I hope you're doing well. I wanted to check if you are still addressing this issue. If not, I would greatly appreciate the chance to understand and work on resolving it.

Hi @Denish3436, currently working on this issue.

maanugh commented 2 months ago

/assign