Closed by caponetto 2 days ago
@atheo89 can you please create a `trivy-scan` label in this project, and give it some nice color?
[APPROVALNOTIFIER] This PR is APPROVED
Approval requirements bypassed by manually added approval.
This pull-request has been approved by: jiridanek, jstourac
https://issues.redhat.com/browse/RHOAIENG-9473
Description
This PR enables Trivy scan for PRs. It won't run by default for all PRs because it adds extra minutes to the jobs and the report won't be needed for all PRs. In order to execute the scan, the label `trivy-scan` must be added to the PR before its creation. The workflow does not react to label changes, so a new commit must be pushed to run the scan if the `trivy-scan` label is added after the PR is opened.
Also on this PR:
- `--severity` option includes all of them when the trigger is PR, while the daily report only includes `HIGH` and `CRITICAL` ones. This is because low and medium issues are numerous and could be more interesting to be listed in a PR, rather than the daily report.
- `--ignore-unfixed` option to reduce the size of the report table. An issue that does not have a fixed version is not very useful to be listed.
- `concurrency` for the PR workflow that builds notebooks to reduce redundant builds.
- `pull_request: make ${{ inputs.target }}` step; I only moved it up.
How Has This Been Tested?
I've executed the tests on my fork.
Merge criteria:
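
Added example, not the workflow from this PR or the project's own code: a minimal GitHub Actions sketch of the behaviour the description lists (label-gated scan, trigger-dependent `--severity`, `--ignore-unfixed`, and `concurrency`). The workflow name, job name, cron time, image reference and the presence of `trivy` on the runner are assumptions.

```yaml
# Illustrative sketch only; names, schedule and image reference are hypothetical.
name: trivy-scan-example

on:
  # Default pull_request activity types are opened, synchronize and reopened.
  # "labeled" is not among them, so adding the label to an open PR starts no
  # run; the next pushed commit (synchronize) does.
  pull_request:
  schedule:
    - cron: "0 2 * * *"   # constructed time for the daily report

# One active run per PR (or per ref for scheduled runs); a newer commit
# cancels the in-progress run and avoids redundant work.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  scan:
    # Scheduled runs always scan; PR runs scan only when the label is present
    # on the PR at the time the run is triggered.
    if: >-
      github.event_name == 'schedule' ||
      contains(github.event.pull_request.labels.*.name, 'trivy-scan')
    runs-on: ubuntu-latest
    env:
      # Placeholder; assumes an earlier step built or pulled this image.
      IMAGE_REF: registry.example.com/notebook:placeholder
      # PR runs list every severity level; the daily report keeps only
      # HIGH and CRITICAL.
      SEVERITY: >-
        ${{ github.event_name == 'pull_request'
            && 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
            || 'HIGH,CRITICAL' }}
    steps:
      - name: Scan image with Trivy
        # Assumes the trivy binary is already on PATH.
        # --ignore-unfixed drops findings that have no fixed version,
        # which keeps the report table short.
        run: |
          trivy image \
            --severity "$SEVERITY" \
            --ignore-unfixed \
            --format table \
            "$IMAGE_REF"
```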