Develop Anchore CLI Reports of Images with / without vulnerabilities #1157

Closed
22 of 29 tasks
godfreykutumela opened this issue Jan 10, 2020 · 7 comments

godfreykutumela commented Jan 10, 2020

Goal:

Prepare reports for a demo at the PI meeting in Johannesburg

Tasks:

  • figure out how to get the most current anchore reports in one place. The best method is likely:
    - [ ] Get CircleCI to automatically add these to releases (similar to the license-scanner summary on the mojaloop/helm repo)
    • Write a tool to get all latest reports from a list of given repos in one place
    • upload these reports to the s3 bucket, similar to how we handle the sonarqube output
  • Apply CI/CD Updates for the following repos:
    • bulk-api-adapter [PR]
    • central-event-processor [PR]
    • central-ledger [PR]
    • central-settlement [PR]
    • email-notifier [PR]
    • ml-api-adapter [PR]
    • quoting-service [PR]
    • mojaloop-simulator [PR]
  • compile these reports for the upcoming convening
  • summarize into one or two slides

Acceptance Criteria:

  • Designs are up to date
  • Unit Tests pass
  • Integration Tests pass
  • Code Style & Coverage meets standards
  • Changes made to config (default.json) are broadcast to team and follow-up tasks added to update helm charts and other deployment config.
  • TBD

Pull Requests:

Follow-up:

  • N/A

Dependencies:

  • N/A

Accountability:

  • Owner: TBC
  • QA/Review: TBC
@lewisdaly
Contributor

Thanks @godfreykutumela.

This is already working on an automated basis. I'll look into how we might easily compile the reports in one place for future reference (and for this upcoming PI meeting).

@godfreykutumela
Author

Noted, thanks @lewisdaly

@lewisdaly
Contributor

As per our recent discussion, we will upload the reports to s3, similar to the sonarqube reports

@lewisdaly
Contributor

Created new bucket to upload the reports to: s3://mojaloop-ci-reports

Here is my proposed directory structure:

/anchore-cli
    /central-ledger
        central-ledger-v8.8.0.json
        ...
    /ml-api-adapter
        ...
    ...
    /latest
        (contains all latest reports across all repos)

@godfreykutumela
Author

Noted, thanks @lewisdaly for actioning that

@lewisdaly
Contributor

I've shared an example Excel file generated from the anchore-cli reports in Slack (I'm not including it here for security purposes). Waiting for some feedback from the team before continuing.

@godfreykutumela
Author

Noted, thanks @lewisdaly
