Closed qu1queee closed 1 month ago
Follow on https://github.com/shipwright-io/build/issues/1119 . @Adarsh-jaiss I think you are on this topic as well, pls feel free to share anything you might have or bring your questions.
@karanibm6 we are wondering if you could provide a demo on your PR, for giving context to folks that are not yet familiar.
On v0.13.0 release. Current state for shipping? We really need it!
State of Triggers and Image repo?
On Dependabot, should we update indirect dependencies as well?
Sure, I can present the demo on Monday.
Meeting minutes:
On Dependabot, should we configure indirect dependencies?
@karanibm6 presented a demo on Vulscan (Recording):
.spec.output.vulnerabilityScan
.spec.output.vulnerabilityScan.fail
if set to true
, it will not push the image to the registry(as part of the buildrun) and will switch the BR status to False
. If set to false
, it lists the CVEs in the status of the BR, but will push the container image. By default is set to false
. Feedback: can we have a more descriptive key
, instead of fail
..spec.output.vulnerabilityScan.fail
On v0.13.0 release. Current state for shipping?
On multi-arch support. @SaschaSchwarze0 and @Adarsh-jaiss would be presenting on their work on this next week. If you are interested on the topic, please take a look on where we are.
On CNCF application. The application is moving, we have been working on this, from our internal discussions with the TAG App Delivery Group to trying to figure out some of the initial feedback.