jiridanek
commented
2 days ago @atheo89 can you please create a trivy-scan label in this project, and give it some nice color?
Closed caponetto closed 2 days ago
jiridanek
commented
2 days ago @atheo89 can you please create a trivy-scan label in this project, and give it some nice color?
openshift-ci[bot]
commented
2 days ago [APPROVALNOTIFIER] This PR is APPROVED
Approval requirements bypassed by manually added approval.
This pull-request has been approved by: jiridanek, jstourac
The full list of commands accepted by this bot can be found here.
The pull request process is described here
https://issues.redhat.com/browse/RHOAIENG-9473
Description
This PR enables Trivy scan for PRs. It won't run by default for all PRs because it adds extra minutes to the jobs and the report won't be needed for all PRs. In order to execute the scan, the label
trivy-scanmust be added to the PR before its creation. The workflow does not react to label changes, so a new commit must be pushed to run the scan if thetrivy-scanlabel is added after the PR is opened.Also on this PR:
--severityoption includes all of them when the trigger is PR, while the daily report only includesHIGHandCRITICALones. This is because low and medium issues are numerous and could be more interesting to be listed in a PR, rather than the daily report.--ignore-unfixedoption to reduce the size of the report table. An issue that does not have a fixed version is not very useful to be listed.concurrencyfor the PR workflow that builds notebooks to reduce redundant builds.pull_request: make ${{ inputs.target }}step; I only moved it up.How Has This Been Tested?
I've executed the tests on my fork.
Merge criteria: