Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI: add image scanning #4123

Merged
merged 1 commit into from
Oct 17, 2023
Merged

CI: add image scanning #4123

merged 1 commit into from
Oct 17, 2023

Conversation

zhzhuang-zju
Copy link
Contributor

@zhzhuang-zju zhzhuang-zju commented Oct 11, 2023
edited by RainbowMango
Loading

What type of PR is this?

/kind cleanup

What this PR does / why we need it:
Runs Trivy as GitHub action to scan Docker container image for vulnerabilities.

We talked about this task at Community Meeting 2023-01-17.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:
Please see https://github.com/zhzhuang-zju/karmada/actions/runs/6530626808/job/17730271059 for more specific effects.

Does this PR introduce a user-facing change?:

Security: Introduce `trivy` for image security scanning.

@karmada-bot karmada-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 11, 2023
@karmada-bot
Copy link
Collaborator

Welcome @zhzhuang-zju! It looks like this is your first PR to karmada-io/karmada 🎉

@karmada-bot karmada-bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Oct 11, 2023
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@codecov-commenter
Copy link

codecov-commenter commented Oct 11, 2023
edited
Loading

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (70e2e1c) 53.48% compared to head (6381c87) 53.46%.
Report is 10 commits behind head on master.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4123      +/-   ##
==========================================
- Coverage   53.48%   53.46%   -0.02%     
==========================================
  Files         234      234              
  Lines       23279    23279              
==========================================
- Hits        12451    12447       -4     
- Misses      10147    10150       +3     
- Partials      681      682       +1
Flag Coverage Δ
unittests 53.46% <ø> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 2 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@karmada-bot karmada-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 14, 2023
@zhzhuang-zju zhzhuang-zju changed the title [WIP] CI: add image scanning CI: add image scanning Oct 14, 2023
@karmada-bot karmada-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 14, 2023
@zhzhuang-zju
Copy link
Contributor Author

zhzhuang-zju commented Oct 14, 2023
edited
Loading

This pr add image-scanning CI,providing the ability to scan the master branch image during push.

When the code is merged into the master branch, the image scan is started.
1697443250110

CI fails when vulnerabilities are detected. You can view the scan results of a single image in each job.
image

@karmada-bot karmada-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Oct 16, 2023
@zhzhuang-zju
CI: add image scanning
6381c87 
Signed-off-by: zhzhuang-zju <[email protected]>
RainbowMango
RainbowMango approved these changes Oct 17, 2023
View reviewed changes
Copy link
Member

@RainbowMango RainbowMango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@karmada-bot karmada-bot added the lgtm Indicates that a PR is ready to be merged. label Oct 17, 2023
@karmada-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@karmada-bot karmada-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 17, 2023
@karmada-bot karmada-bot merged commit 3eba2a9 into karmada-io:master Oct 17, 2023
12 checks passed
@zhzhuang-zju zhzhuang-zju mentioned this pull request Nov 18, 2023
Closed
8 tasks
@RainbowMango RainbowMango added this to the v1.8 milestone Nov 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@XiShanYongYe-Chang XiShanYongYe-Chang XiShanYongYe-Chang left review comments

@RainbowMango RainbowMango RainbowMango approved these changes

@Poor12 Poor12 Awaiting requested review from Poor12

Assignees

@RainbowMango RainbowMango

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.8
Development

Successfully merging this pull request may close these issues.
5 participants
@zhzhuang-zju @karmada-bot @codecov-commenter @RainbowMango @XiShanYongYe-Chang