Skip to content
This repository has been archived by the owner on Jul 23, 2024. It is now read-only.

Run security analysis at each push #489

Merged
merged 2 commits into from
Aug 4, 2023
Merged

Run security analysis at each push #489

merged 2 commits into from
Aug 4, 2023

Conversation

gabriel-farache
Copy link
Contributor

@gabriel-farache gabriel-farache commented Aug 2, 2023
edited
Loading

What this PR does / why we need it:
We cannot push/merges new version with new images that have critical or high security issues. This PR introduce a new action to perform security checks using Clair at each push.

Only fixable vulnerabilities are failing the job

It also solves Critical and High vulnerabilities detected on notification and workflow services

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story (FLPATH-xxxx):
Fixes #FLPATH-538
Change type

  • New feature
  • Bug fix
  • Unit tests
  • Integration tests
  • CI
  • Documentation
  • Auto-generated SDK code

Impacted services

  • Workflow Service
  • Notification Service

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.

@gabriel-farache gabriel-farache changed the title Feat/run security analysis Run security analysis at each push Aug 2, 2023
@gabriel-farache gabriel-farache force-pushed the feat/run_security_analysis branch 10 times, most recently from 91389e8 to 3d3462b Compare August 4, 2023 10:26
@gabriel-farache gabriel-farache marked this pull request as ready for review August 4, 2023 12:16
@openshift-ci openshift-ci bot requested review from anludke and lshannon August 4, 2023 12:16
@gabriel-farache gabriel-farache force-pushed the feat/run_security_analysis branch 5 times, most recently from d434914 to 2f54744 Compare August 4, 2023 14:15
@openshift-ci
Copy link

openshift-ci bot commented Aug 4, 2023

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot removed the lgtm label Aug 4, 2023
@openshift-ci
Copy link

openshift-ci bot commented Aug 4, 2023

New changes are detected. LGTM label has been removed.

@RichardW98 RichardW98 added the lgtm label Aug 4, 2023
@openshift-merge-robot openshift-merge-robot merged commit bdbde07 into parodos-dev:main Aug 4, 2023
5 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@anludke anludke Awaiting requested review from anludke

@lshannon lshannon Awaiting requested review from lshannon

Assignees
No one assigned
Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gabriel-farache @openshift-merge-robot @RichardW98