feat(container-image-scan) - implement container image scan in GHA CI #352

Open
abhisheksr01 opened this issue Dec 26, 2024 · 0 comments
Labels
enhancement New feature or request security-devsecops Security features to improve the security posture and implement DevSecOps

Comments

@abhisheksr01
Owner

Description

Implement container image scan in GHA CI.

Use Case

To ensure the container image usage is secure.

Proposed Solution

  • Use the Trivy Marketplace action to scan the container image before publishing it in the docker-build-push job.
  • If the image is vulnerable, then they do publish the image.
  • If the image is vulnerable and an exception is granted, then the image should be published.

Benefits

  • Shift left
  • Secure usage of container images
  • Improved security posture

Example:

  • Provide examples of how the feature will work or how it will be used, if possible.

Additional Information

https://github.com/marketplace/actions/aqua-security-trivy
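One way the proposed gating could look as a GitHub Actions job, added here as an illustration and not the project's own workflow: the image is built locally, scanned with the Trivy action, and pushed only if the scan step passes, with granted exceptions recorded in a `.trivyignore` file. The image name, registry, action version pins and the `.trivyignore` path are assumptions.

```yaml
# Added illustration, not the project's workflow: build, scan with Trivy,
# publish only if the scan passes. Image name, registry, version pins and
# the .trivyignore exception file are assumptions.
name: docker-build-push
on:
  push:
    branches: [main]

jobs:
  docker-build-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    env:
      # GHCR paths must be lowercase; adjust for your repository name.
      IMAGE: ghcr.io/${{ github.repository }}:${{ github.sha }}
    steps:
      - uses: actions/checkout@v4

      # Build locally first; nothing is pushed until the scan has passed.
      - name: Build image
        run: docker build -t "$IMAGE" .

      # exit-code 1 fails the job on CRITICAL/HIGH findings that have a fix.
      # Exceptions: CVE IDs listed one per line in .trivyignore (with the
      # approval reason and review date in a trailing comment) are excluded,
      # so an image whose only findings are granted exceptions still publishes.
      - name: Scan image with Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: ${{ env.IMAGE }}
          format: table
          exit-code: "1"
          severity: CRITICAL,HIGH
          ignore-unfixed: true
          trivyignores: .trivyignore

      # Only reached when the scan step succeeded.
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Publish image
        run: docker push "$IMAGE"
```

Pin the action to a commit SHA rather than a tag in production, and keep the `.trivyignore` entries reviewed so that exceptions expire instead of accumulating.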

@abhisheksr01 abhisheksr01 added enhancement New feature or request security-devsecops Security features to improve the security posture and implement DevSecOps labels Dec 26, 2024