[Enhancement] Publish new release with latest base images

telekom-mms / trivy-dojo-report-operator

This Kubernetes operator listens for vulnerability reports generated by the Trivy Operator and forwards them to Defect Dojo for further analysis and tracking.

GNU General Public License v3.0

13 stars 15 forks source link

[Enhancement] Publish new release with latest base images #72

Closed quirinziessler closed 2 months ago

quirinziessler commented 4 months ago

Description

Right now the latest available version (0.6.2) has 130 open findings, 126 from the base image and 4 python packages. I attached the Trivy output to this issue. Is it maybe possible for you to publish a newer version image with the latest base image? I see renovate is already running so would it maybe make sense to deploy the image on a weekly/monthly rhythm with the renovate PRs?

Additional information

trivy.txt

rndmh3ro commented 4 months ago

Thanks, done!

I see renovate is already running so would it maybe make sense to deploy the image on a weekly/monthly rhythm with the renovate PRs?

With our current workflow it's only the press of a button to release a new version. I don't really want to spend any more effort on this. But feel free to propose something for this.