Build Tools for VMware Aria provides development and release management tools for implementing automation solutions based on the VMware Aria Suite and VMware Cloud Director. The solution enables Virtual Infrastructure Administrators and Automation Developers to use standard DevOps practices for managing and deploying content.
Implement a security scanner in the repository #329
Description
A suggestion is to use trivy; it's free and works pretty well.
Running it locally like so:
trivy fs --severity HIGH,CRITICAL --exit-code 1 --ignore-unfixed --skip-dirs "**/target/*" .
provides a lot of information about potential issues, most of which are fixed with newer versions of packages.
How To Integrate
Suggestion is to detect changes done in the current PR and fail the build if PR changes have a HIGH or CRITICAL vulnerability (Up for debate, CRITICAL may be enough).
This is how you can generate a report for a specific directory; it works with a file too.
Trivy supports --format github, which can later be published to the GitHub "Security" tab; check out https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning for more info.
Github Action
Potentially this can be used to fulfil the above-mentioned requirements.
report.log
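As an added example (not code from the issue or from the Build Tools for VMware Aria project), a POSIX shell script that does what the proposal describes: list the paths a PR changed, reduce them to the directories that contain them, and run the trivy command from the issue on each one, failing the job if any scan exits non-zero. It assumes a git checkout with a BASE_REF to diff against (default origin/main) and trivy on PATH; the TRIVY, TRIVY_FORMAT and SEVERITY variables are this example's own knobs, not trivy or project settings.

```shell
#!/bin/sh
# Added example: scan only the directories a PR touched with trivy.
# Assumptions: git checkout of the PR branch, BASE_REF points at the
# target branch, trivy is installed. TRIVY/TRIVY_FORMAT/SEVERITY are
# this script's own overrides (TRIVY lets a CI dry run swap the binary).

# Read changed file paths (one per line) and print the unique top-level
# directory of each ("." for files in the repo root). Build output under
# target/ is dropped here as well as via --skip-dirs below.
changed_dirs() {
    awk -F/ 'index($0, "/target/") == 0 {
        d = (NF > 1) ? $1 : "."
        if (!seen[d]++) print d
    }'
}

# Read directories (one per line) and scan each with the flags from the
# issue. --exit-code 1 makes trivy fail on an unfixed HIGH/CRITICAL
# finding; keep scanning the rest but remember that something failed.
scan_dirs() {
    status=0
    while IFS= read -r d; do
        echo "trivy: scanning $d" >&2
        "${TRIVY:-trivy}" fs --format "${TRIVY_FORMAT:-table}" \
            --severity "${SEVERITY:-HIGH,CRITICAL}" --exit-code 1 \
            --ignore-unfixed --skip-dirs "**/target/*" "$d" || status=1
    done
    return $status
}

# Glue: diff the PR against its base, map files to directories, scan.
scan_pr_changes() {
    git diff --name-only "${BASE_REF:-origin/main}...HEAD" \
        | changed_dirs | scan_dirs
}

# Only run the scan when invoked as `sh scan-pr.sh --scan`, so the file
# can also be sourced for its functions.
case "${1:-}" in
    --scan) scan_pr_changes ;;
esac
```

Set TRIVY_FORMAT=github and add `-o report.json` to the trivy line if you want the output the issue mentions for publishing to GitHub instead of a table on stdout.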