Skip to content

🌱 Add weekly security scan using govulncheck and trivy #2553

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 20, 2025
Merged

🌱 Add weekly security scan using govulncheck and trivy #2553

merged 1 commit into from
May 20, 2025

Conversation

lentzi90
Copy link
Contributor

What this PR does / why we need it:

Manual backport of #2536 (needed for the make targets so that the scan can run).

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

  1. Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

TODOs:

  • squashed commits
  • if necessary:
    • includes documentation
    • adds unit tests

@lentzi90
Add weekly security scan using govulncheck and trivy
eb09788 
This is all based on how CAPI does the same.

Signed-off-by: Lennart Jern <[email protected]>
@netlify Netlify
Copy link

netlify bot commented May 19, 2025
edited
Loading

Deploy Preview for kubernetes-sigs-cluster-api-openstack ready!

Name Link
🔨 Latest commit eb09788
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-sigs-cluster-api-openstack/deploys/682b0a4ece77ac00083c3f84
😎 Deploy Preview https://deploy-preview-2553--kubernetes-sigs-cluster-api-openstack.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels May 19, 2025
@k8s-ci-robot k8s-ci-robot requested review from EmilienM and mdbooth May 19, 2025 10:39
@mnaser
Copy link
Contributor

mnaser commented May 20, 2025

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 20, 2025
@lentzi90
Copy link
Contributor Author

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lentzi90

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 20, 2025
@k8s-ci-robot k8s-ci-robot merged commit 57e1d20 into kubernetes-sigs:release-0.11 May 20, 2025
9 checks passed
@github-project-automation github-project-automation bot moved this from Inbox to Done in CAPO Roadmap May 20, 2025
@lentzi90
Copy link
Contributor Author

/cherry-pick release-0.10

@k8s-infra-cherrypick-robot
Copy link

@lentzi90: #2553 failed to apply on top of branch "release-0.10":

Applying: Add weekly security scan using govulncheck and trivy
Using index info to reconstruct a base tree...
M	Makefile
Falling back to patching base and 3-way merge...
Auto-merging Makefile
CONFLICT (content): Merge conflict in Makefile
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 Add weekly security scan using govulncheck and trivy

In response to this:

/cherry-pick release-0.10

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@EmilienM EmilienM Awaiting requested review from EmilienM

@mdbooth mdbooth Awaiting requested review from mdbooth

Assignees

@mnaser mnaser

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
CAPO Roadmap
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lentzi90 @mnaser @k8s-ci-robot @k8s-infra-cherrypick-robot