tools/CI: scan repository with trivy security scanner (yarn.lock, composer.lock) #1998
Commits on Jun 30, 2023
-
tools/CI: scan repository with trivy security scanner (yarn.lock, com…
…poser.lock) - run scan on each push/pull request update - can be run locally using make test_trivy_repo - exit with error code 0/success when vulnerabilities are found, as not to make the workflow fail, a separate periodic run that exits with code 1 should be added in parallel - update trivy to v0.43.0 - https://github.com/aquasecurity/trivy/releases/tag/v0.43.0 - also consider TRIVY_EXIT_CODE when running trivy on the latest docker image - ref. shaarli#1531
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.