Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider enabling vulnerability scanning in artifact settings #4502

Open
ryanlovett opened this issue Apr 19, 2023 · 1 comment
Open

Consider enabling vulnerability scanning in artifact settings #4502

ryanlovett opened this issue Apr 19, 2023 · 1 comment
Assignees
@shaneknapp

Comments

@ryanlovett
Copy link
Collaborator

Summary

Google can scan docker images pushed to our artifact registry for vulnerabilities. This might give us early warning about security issues, and I suspect is most relevant to our hub images.

GitHub has a similar service, though it would scan the repo rather than the images.

Perhaps we can turn it on and see what sort of notifications we get before deciding on how we would respond to them.

User Stories

  • As an infrastructure admin, I want to ensure that all deployed images have no known vulnerabilities.

Important information

https://console.cloud.google.com/artifacts/settings
@shaneknapp
Copy link
Contributor

i enabled this in the GCP console... now we wait and see what drama ensues!

@shaneknapp shaneknapp assigned shaneknapp and unassigned balajialg Apr 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shaneknapp shaneknapp

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@shaneknapp @balajialg @ryanlovett