loft-sh / devpod

Codespaces but open-source, client-only and unopinionated: Works with any IDE and lets you use any cloud, kubernetes or just localhost docker.
https://devpod.sh
Mozilla Public License 2.0

Feature for display via UI if packages are not up to date or vulnerabilities exist for environments/workspaces #1046

Open schlegel11 opened 5 months ago

schlegel11 commented 5 months ago

Is your feature request related to a problem?

For containers, for example, there are vulnerability scan extensions available. Maybe it would be good if there were a possibility to show in the UI if an environment needs package updates or if there are vulnerabilities found for a specific base image. Maybe it would be nice to apply updates etc. directly to this environment from the UI.

Which alternative solutions exist?

I currently don't know if there are existing strategies for this problem or if there is something specified in general for development containers.

pascalbreuninger commented 4 months ago

@schlegel11 That's a great suggestion for the overall ecosystem. However, I don't see us implementing such a general-purpose addition in the near future but will leave the ticket open. If there's enough community interest we might reconsider. In case you're interested in contributing this, please feel free to reach out to us directly and we'll help you get started.

schlegel11 commented 4 months ago

Hi Pascal :smile: Yeah, I'm quite interested, I think :wink: :smile: Maybe integrating something like trivy could be a good approach. I will create a branch for some experimenting and implement, in the UI, a general setting and, for the list of workspaces, a badge showing found vulnerabilities -> maybe I can create a mockup first. Regarding actions or hints on what a user can do if there are vulnerabilities, I haven't thought about that until now. I'm totally open to ideas or discussions :smile: