add security scanners for containers

wmo-im / wis2box

WIS2 in a box is a reference implementation of a WMO WIS2 Node

https://docs.wis2box.wis.wmo.int

Apache License 2.0

35 stars 15 forks source link

Open tomkralidis opened 2 months ago

tomkralidis commented 2 months ago

Add trivy via GitHub Actions in order to scan containers for vulnerabilities.

maaikelimper commented 1 week ago

maaikelimper commented 1 week ago

question: should the GHA only fail on severity=CRITICAL ?

tomkralidis commented 1 week ago

maaikelimper commented 1 week ago

wis2box-management passes

wis2box-api, wis2box-ui and wis2box-webapp fail

maaikelimper commented 6 days ago

@tomkralidis how to proceed ?

Do I make new issues for each failed service in the wis2box-repo or in the original repo ?
Should I scan -all- containers (so also nginx, minio, prometheus etc.) or just those containers build out of wmo-im repositories ?

tomkralidis commented 6 days ago

add issues in this issue tracker regardless of the original repo, since we are running the GitHub Action here
only scan non-upstream

maaikelimper commented 4 days ago

after updating dim_eccodes_baseimage to use Ubuntu 22.04, wis2box-api now passes the vulnerability scan: