add Dockerfile CVE check, update vulnerability scanning to use trivy action #941

Merged: 11 commits, Aug 5, 2024

tomkralidis
Member

Overview

add Dockerfile CVE check, update vulnerability scanning to use trivy action

Related Issue / Discussion

None

Additional Information

None

Contributions and Licensing

(as per https://github.com/geopython/pycsw/blob/master/CONTRIBUTING.rst#contributions-and-licensing)

  • I'd like to contribute [feature X|bugfix Y|docs|something else] to pycsw. I confirm that my contributions to pycsw will be compatible with the pycsw license guidelines at the time of contribution.
  • I have already previously agreed to the pycsw Contributions and Licensing Guidelines

@tomkralidis tomkralidis requested a review from kalxas January 7, 2024 00:26
@tomkralidis tomkralidis closed this Apr 8, 2024
@tomkralidis tomkralidis reopened this Apr 8, 2024
@tomkralidis tomkralidis force-pushed the tomkralidis-patch-1 branch from 2ccd792 to e963a1f Compare April 9, 2024 17:27
@kalxas
Member

kalxas commented Apr 10, 2024

Testing only the docker image for vulnerabilities could give the impression that all deployment methods are tested as well.

In order to pass the tests here, we would also need to change the base docker image and put effort to catch up with OS security patches.

@tomkralidis tomkralidis force-pushed the tomkralidis-patch-1 branch from 40a9c84 to f3d6428 Compare August 5, 2024 00:06
@tomkralidis
Member Author

PR updated. Note that upgrading Dockerfile to python:3.10-slim-buster and adding apt upgrade passes the trivy image scan.

@tomkralidis tomkralidis added this to the 3.0.0 milestone Aug 5, 2024
@kalxas kalxas merged commit e8e6268 into master Aug 5, 2024
4 checks passed
@kalxas kalxas deleted the tomkralidis-patch-1 branch August 5, 2024 10:47