Closed caponetto closed 1 month ago
I'm imagining that the way to work with this is to first create PR without the fix, add label, trigger trivy by making dummy change in the files where I intend to make the fix, wait for trivy results, then add fix, and then compare that what I meant to fix disappeared from trivy output.
You don't need to create a PR without the fix. You can compare the report from the PR that fixes the issue with the latest daily report.
Daily report runs with SEVERITY_OPTION="--severity CRITICAL,HIGH", so if I'm fixing something less severe, I won't have it there
This is exactly what this PR is about 😃
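One way to do the comparison discussed above, as an added example that is not part of this PR or the project's workflow. It assumes both reports were saved as Trivy JSON (`--format json`); the report contents, the placeholder IDs and the `Pipfile.lock` target are constructed.

```python
import json

# Constructed sample reports: only the fields read below, in the layout of
# Trivy's JSON report. IDs, package names and the target are placeholders.
def _report(*vulns):
    return {"Results": [{"Target": "Pipfile.lock", "Vulnerabilities": [
        {"VulnerabilityID": i, "PkgName": p, "Severity": s} for i, p, s in vulns]}]}

DAILY_HIGH_ONLY = _report(("CVE-0000-0001", "pkg-a", "HIGH"),
                          ("CVE-0000-0002", "pkg-b", "CRITICAL"))
PR_ALL = _report(("CVE-0000-0002", "pkg-b", "CRITICAL"),
                 ("CVE-0000-0003", "pkg-c", "MEDIUM"))

def findings(report):
    """Map (target, vulnerability id, package) -> severity."""
    out = {}
    for result in report.get("Results") or []:
        # "Vulnerabilities" is absent or null for a clean target
        for v in result.get("Vulnerabilities") or []:
            key = (result.get("Target"), v["VulnerabilityID"], v["PkgName"])
            out[key] = v.get("Severity", "UNKNOWN")
    return out

def compare(daily, pr, daily_severities=None):
    """Diff a PR report against the daily one.

    daily_severities: the set the daily scan was limited to, None meaning all.
    PR findings outside that set are 'not_comparable', not 'introduced':
    the daily scan could never have listed them.
    """
    base, new = findings(daily), findings(pr)

    def in_scope(sev):
        return daily_severities is None or sev in daily_severities

    return {
        "fixed": sorted(k for k in base if k not in new),
        "introduced": sorted(k for k, s in new.items()
                             if k not in base and in_scope(s)),
        "not_comparable": sorted(k for k, s in new.items()
                                 if k not in base and not in_scope(s)),
    }

if __name__ == "__main__":
    result = compare(DAILY_HIGH_ONLY, PR_ALL, {"CRITICAL", "HIGH"})
    print(json.dumps(result, indent=2))
```

With a daily report limited to CRITICAL,HIGH, the MEDIUM finding lands in `not_comparable`; once the daily scan covers all severities, pass `None` and every PR finding can be checked against it.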
[APPROVALNOTIFIER] This PR is APPROVED
Approval requirements bypassed by manually added approval.
This pull-request has been approved by: jiridanek, jstourac
Description
Given that not only HIGH and CRITICAL issues are worked on, let's enable all types of severity for the daily report too. This way, we can compare when a new PR that fixes an issue is opened (see this discussion).
How Has This Been Tested?
Tested locally. The default is all severities if you don't provide the --severity option.
Merge criteria: