
Add container-scanner #44

Open
nabadger opened this issue May 26, 2020 · 2 comments

Comments

@nabadger

I would like to integrate https://github.com/aquasecurity/trivy

We use this as part of our CI/CD pipelines on Gitlab.

A few important notes:

  • We support all the trivy env-vars
  • We support the .trivyignore file
  • We support our shared CVE whitelist (which may not be appropriate for build-harness)
@charlieparkes

This would be great to get. Perhaps modules/trivy. Could we build a mintel/trivy image to Docker Hub? For the whitelist, we could add a generic command in the same module like trivy/whitelist that pulls a whitelist from a git repo you specify in your Makefile. (In other words, split the whitelist stuff out from the "running trivy as a docker image" part.)

@nabadger
Author

nabadger commented May 26, 2020

There's already a dockerized trivy: https://hub.docker.com/r/aquasec/trivy/

For the whitelist, I think we need to consider the different use-cases around this, which so far seem to be:

  • Application teams maintain their own whitelist
  • SRE maintain a shared whitelist
  • A combination of both

Currently we support a combination - this will be a good topic to discuss.
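One way the "combination of both" case could look in a build-harness style module, as an added example that is not code from the thread, build-harness, or trivy: the shared SRE whitelist is fetched from a git repo, merged with the application team's own `.trivyignore`, and the merged file is handed to trivy via `--ignorefile`. The variables `TRIVY_WHITELIST_REPO` and `TRIVY_WHITELIST_PATH` are hypothetical names assumed for this example.

```shell
#!/usr/bin/env sh
# Added example (not build-harness or trivy code): merge a shared SRE
# whitelist with an application team's own .trivyignore before scanning.
# Assumed (hypothetical) variables: TRIVY_WHITELIST_REPO is the git repo that
# holds the shared whitelist, TRIVY_WHITELIST_PATH its path inside that repo.

# fetch_shared_whitelist DEST: shallow-clone the shared repo and copy the file out.
fetch_shared_whitelist() {
    dest="$1"
    tmp="$(mktemp -d)"
    git clone --depth 1 "${TRIVY_WHITELIST_REPO:?set TRIVY_WHITELIST_REPO}" "$tmp/repo" >/dev/null 2>&1
    cp "$tmp/repo/${TRIVY_WHITELIST_PATH:-.trivyignore}" "$dest"
    rm -rf "$tmp"
}

# merge_trivyignore OUT FILE...: build one ignore file from several sources.
# Strips comments and blank lines, keeps only id-shaped tokens (one per line,
# which is what trivy reads), dedupes and sorts. Missing sources are skipped.
merge_trivyignore() {
    out="$1"; shift
    cat "$@" 2>/dev/null \
        | sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | grep -E '^[A-Za-z0-9_-]+$' \
        | sort -u > "$out"
}

# count_ignored FILE: number of ids in a merged ignore file, for the build log.
count_ignored() {
    grep -c . "$1"
}

# scan_image IMAGE: merge app + shared whitelists, then run trivy if installed.
# Exit code 1 on unlisted HIGH/CRITICAL findings fails the CI job.
scan_image() {
    image="$1"
    merge_trivyignore .trivyignore.merged .trivyignore .trivyignore.shared
    echo "ignoring $(count_ignored .trivyignore.merged) whitelisted ids"
    command -v trivy >/dev/null || { echo "trivy not installed" >&2; return 2; }
    trivy image --ignorefile .trivyignore.merged --exit-code 1 --severity HIGH,CRITICAL "$image"
}
```

Because the merged file is regenerated on every run, a team can see exactly which ids were suppressed and from which source, which keeps the shared whitelist auditable rather than silently widening every project's exceptions.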
