solo-io / go-utils

golang utilities
Apache License 2.0

Security scan ordering of images is non-deterministic #489

Open Sodman opened 1 year ago

Sodman commented 1 year ago

When we output the security scan docs gen file, the order of the images scanned within a particular version is non-deterministic. Every time we re-run it, it changes. This wasn't noticed before because the output file is typically gitignored and generated in-place by the docs release process, so it's never caught by any diff checkers.

The result is that every time we update the docs site, the order of images on the security release page (eg https://docs.solo.io/gloo-mesh-enterprise/latest/reference/security_updates/) is essentially randomized.

To reproduce:

# Clone the Gloo Mesh Enterprise repo locally
git clone git@github.com:solo-io/gloo-mesh-enterprise.git

# Go to the docs dir inside the cloned repo
cd gloo-mesh-enterprise/docs

# Run security scan
GOPRIVATE=github.com/solo-io GO111MODULE=on go run github.com/solo-io/go-utils/securityscanutils/cli gen-security-scan-md -r gloo-mesh-enterprise -w "gloo mesh enterprise" -m v1.1.0 -f ./cmd/imageVersionConstraints.csv -c gloo-mesh-enterprise.out > content/static/content/gloo-mesh-enterprise-security-scan.docgen

Open the resulting docs/content/static/content/gloo-mesh-enterprise-security-scan.docgen file, and make a copy. If you re-run the security scan, you'll notice the order of the images in the output has changed (even though none of the inputs have changed).
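The classic source of this kind of run-to-run reordering in Go is ranging directly over a map while emitting output: Go deliberately randomizes map iteration order, so identical inputs produce differently ordered files. The following is an added, stand-alone example (not go-utils code, and not a claim about where the bug lives in `securityscanutils`) that renders one version's image list both ways: `renderUnsorted` ranges over the map and is unstable, `renderSorted` collects and sorts the keys first and is reproducible. `ScanResult`, the image names and the finding counts are constructed sample data; `isStable` is a small helper that re-runs a renderer and reports whether the output ever changes, which is the check a diff-based CI gate would otherwise have caught if the generated file were not gitignored.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// ScanResult maps an image name to a summary of its scan findings.
// Constructed sample type for this example, not the go-utils API.
type ScanResult map[string]string

// renderUnsorted reproduces the non-deterministic behaviour: ranging over a
// Go map yields keys in a randomized order, so two runs over identical input
// can emit the images in a different sequence.
func renderUnsorted(version string, images ScanResult) string {
	var b strings.Builder
	fmt.Fprintf(&b, "## %s\n", version)
	for name, findings := range images {
		fmt.Fprintf(&b, "- %s: %s\n", name, findings)
	}
	return b.String()
}

// renderSorted is the deterministic variant: gather the keys, sort them, then
// emit in that fixed order so the generated file is byte-for-byte reproducible.
func renderSorted(version string, images ScanResult) string {
	names := make([]string, 0, len(images))
	for name := range images {
		names = append(names, name)
	}
	sort.Strings(names)

	var b strings.Builder
	fmt.Fprintf(&b, "## %s\n", version)
	for _, name := range names {
		fmt.Fprintf(&b, "- %s: %s\n", name, images[name])
	}
	return b.String()
}

// isStable re-runs a renderer `runs` times and reports whether every run
// produced exactly the same output. This is the check a CI diff gate would
// perform if the generated file were tracked instead of gitignored.
func isStable(render func() string, runs int) bool {
	first := render()
	for i := 1; i < runs; i++ {
		if render() != first {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample input: three images under one release version.
	images := ScanResult{
		"example/networking": "1 finding",
		"example/agent":      "0 findings",
		"example/dashboard":  "2 findings",
	}

	fmt.Printf("unsorted stable over 50 runs: %v\n",
		isStable(func() string { return renderUnsorted("v1.1.0", images) }, 50))
	fmt.Printf("sorted stable over 50 runs:   %v\n",
		isStable(func() string { return renderSorted("v1.1.0", images) }, 50))
	fmt.Print(renderSorted("v1.1.0", images))
}
```

Sorting the keys is enough when the desired order is simply alphabetical; if the real generator needs images grouped by repository or ordered by severity, the same pattern applies (collect into a slice, `sort.Slice` with an explicit comparator, then emit), and the stability check stays the same.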