opendatahub-io / notebooks

Notebook images for ODH
Apache License 2.0
17 stars 55 forks

Enable all severities on the Trivy daily report #614

Closed caponetto closed 1 month ago

caponetto commented 1 month ago

Description

Given that not only HIGH and CRITICAL issues are worked on, let's enable all types of severity for the daily report too. This way, we can compare when a new PR that fixes an issue is opened (see this discussion).

How Has This Been Tested?

Tested locally. The default is all severities if you don't provide the --severity option.

Merge criteria:

jiridanek commented 1 month ago

I'm imagining that the way to work with this is to first create a PR without the fix, add the label, trigger trivy by making a dummy change in the files where I intend to make the fix, wait for the trivy results, then add the fix, and then compare that what I meant to fix disappeared from the trivy output.

caponetto commented 1 month ago

> I'm imagining that the way to work with this is to first create a PR without the fix, add the label, trigger trivy by making a dummy change in the files where I intend to make the fix, wait for the trivy results, then add the fix, and then compare that what I meant to fix disappeared from the trivy output.

You don't need to create a PR without the fix. You can compare the report from the PR that fixes the issue with the latest daily report.

jiridanek commented 1 month ago

> You don't need to create a PR without the fix. You can compare the report from the PR that fixes the issue with the latest daily report.

The daily report runs with SEVERITY_OPTION="--severity CRITICAL,HIGH", so if I'm fixing something less severe, I won't have it there.

caponetto commented 1 month ago

> You don't need to create a PR without the fix. You can compare the report from the PR that fixes the issue with the latest daily report.

> The daily report runs with SEVERITY_OPTION="--severity CRITICAL,HIGH", so if I'm fixing something less severe, I won't have it there.

This is exactly what this PR is about 😃
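The comparison the thread describes (a PR's Trivy report against the latest daily report) only shows a fix for a MEDIUM or LOW finding when both reports were produced without the `--severity CRITICAL,HIGH` filter. The script below is an added example written for this page, not code from the opendatahub-io/notebooks repository or its workflow. It takes two Trivy JSON reports (constructed inline here, with placeholder IDs rather than real CVEs; a real one comes from `trivy image --format json -o report.json IMAGE`), applies the same severity filter the workflow's SEVERITY_OPTION would, and lists which findings the PR fixed or introduced. The field names used (Results, Vulnerabilities, VulnerabilityID, PkgName, InstalledVersion, Severity) are those of Trivy's JSON output; the helper names are my own.

```python
"""Diff two Trivy JSON reports to see which findings a PR fixes.

Added example for this discussion, not code from opendatahub-io/notebooks.
Both reports below are constructed inline; the vulnerability IDs are
placeholders, not real CVEs.
"""
import json

# Constructed baseline: what the daily report of an image might contain.
BASELINE_JSON = json.dumps({
    "Results": [{
        "Target": "example.invalid/notebook:latest (ubi9 9.3)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libfoo",
             "InstalledVersion": "1.0.0", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libbar",
             "InstalledVersion": "2.3.1", "Severity": "MEDIUM"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libbaz",
             "InstalledVersion": "0.9.0", "Severity": "LOW"},
        ],
    }],
})

# Constructed PR report: the PR bumps libbar to 2.3.2, which removes the
# MEDIUM finding; the HIGH and LOW findings are untouched.
PR_JSON = json.dumps({
    "Results": [{
        "Target": "example.invalid/notebook:pr (ubi9 9.3)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libfoo",
             "InstalledVersion": "1.0.0", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libbaz",
             "InstalledVersion": "0.9.0", "Severity": "LOW"},
        ],
    }],
})


def parse_severity_option(option):
    """Turn a SEVERITY_OPTION string into a severity filter.

    "" (option omitted) -> None, meaning all severities, which is Trivy's
    default when --severity is not given.
    "--severity CRITICAL,HIGH" or "--severity=CRITICAL,HIGH" -> {"CRITICAL", "HIGH"}.
    """
    option = option.strip()
    if not option:
        return None
    flag, _, value = option.replace("=", " ", 1).partition(" ")
    if flag != "--severity" or not value.strip():
        raise ValueError(f"unrecognised severity option: {option!r}")
    return {s.strip().upper() for s in value.split(",") if s.strip()}


def findings(report_json, severities=None):
    """Return the set of (VulnerabilityID, PkgName) pairs in a Trivy report.

    `severities` mimics Trivy's --severity filter; None keeps everything.
    Trivy omits the Vulnerabilities key for results with no findings.
    """
    report = json.loads(report_json)
    out = set()
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            if severities is None or vuln["Severity"].upper() in severities:
                out.add((vuln["VulnerabilityID"], vuln["PkgName"]))
    return out


def diff_reports(baseline_json, pr_json, severities=None):
    """Return (fixed, introduced): findings only in baseline / only in the PR."""
    base = findings(baseline_json, severities)
    pr = findings(pr_json, severities)
    return sorted(base - pr), sorted(pr - base)


if __name__ == "__main__":
    # With the old filter the MEDIUM fix is invisible; without it, it shows up.
    for opt in ("--severity CRITICAL,HIGH", ""):
        fixed, introduced = diff_reports(
            BASELINE_JSON, PR_JSON, parse_severity_option(opt))
        print(f"SEVERITY_OPTION={opt!r}: fixed={fixed} introduced={introduced}")
```

Keying on (VulnerabilityID, PkgName) rather than on the installed version keeps a package bump that does not actually close the finding from showing up as "fixed" in one list and "introduced" in the other.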

openshift-ci[bot] commented 1 month ago

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: jiridanek, jstourac

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/opendatahub-io/notebooks/blob/main/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment. Approvers can cancel approval by writing `/approve cancel` in a comment.