Skip to content

Scan built docker images using trivy or grype #3177

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jawnsy opened this issue Apr 20, 2021 · 0 comments · Fixed by #3261
Closed

Scan built docker images using trivy or grype #3177

jawnsy opened this issue Apr 20, 2021 · 0 comments · Fixed by #3261
Assignees
@jsjoeio
Labels
chore Related to maintenance or clean up ci Issues related to ci feature New user visible feature
Milestone
v3.10.0

Comments

@jawnsy
Copy link
Contributor

jawnsy commented Apr 20, 2021

We use AquaSec Trivy in some of our other projects for scanning our source code as well as built containers for possible security issues related to our third-party dependencies (e.g. packages installed with apt-get or yarn), and should consider the same for code-server

This would complement the audit-ci tool that we have already integrated.
@jawnsy jawnsy added feature New user visible feature ci Issues related to ci labels Apr 20, 2021
@jsjoeio jsjoeio added this to the On Deck milestone Apr 20, 2021
@jsjoeio jsjoeio mentioned this issue Apr 21, 2021
Closed
@jsjoeio jsjoeio self-assigned this Apr 29, 2021
@jsjoeio jsjoeio modified the milestones: On Deck, v3.9.4 Apr 29, 2021
@jsjoeio jsjoeio mentioned this issue Apr 29, 2021
Merged
@jsjoeio jsjoeio added the chore Related to maintenance or clean up label May 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jsjoeio jsjoeio

Labels
chore Related to maintenance or clean up ci Issues related to ci feature New user visible feature
Projects
None yet
Milestone
v3.10.0
Development

Successfully merging a pull request may close this issue.

feat(ci): add trivy job for security coder/code-server
2 participants
@jawnsy @jsjoeio