Skip to content

add vulnerability scan #585

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
May 28, 2025
Merged

add vulnerability scan #585

merged 13 commits into from
May 28, 2025

Conversation

m-Bilal
Copy link
Member

@m-Bilal m-Bilal commented May 25, 2025
edited
Loading

This PR adds vulnerability scanning for new connector releases

How

Three new commands have been added:

  1. download-artifacts: This command is responsible for downloading connector artifacts (CLI Plugins, targz file, Docker Images)
  2. scan trivy: This command scans the downloaded connector artifacts using Trivy
  3. scan gokakashi: This commands scans all connector docker images using Gokakashi

Trivy scan runs on new PRs
Gokakashi scan runs once a day periodically

Review

This PR refactors and changes a few files. I've broken the changes down by commits. I'd recommend using commits to review this.

Tests

Tests for the new commands (and functions) are not yet present. I'll be adding them in a follow up PR

@m-Bilal m-Bilal force-pushed the m-bilal/vulnerability-scan branch from add279c to 866888c Compare May 26, 2025 17:15
@m-Bilal m-Bilal requested review from SandeepSamba, scriptnull, codingkarthik and codedmart and removed request for SandeepSamba and scriptnull May 26, 2025 17:19
@m-Bilal m-Bilal force-pushed the m-bilal/vulnerability-scan branch 2 times, most recently from 4df23ca to 677225e Compare May 27, 2025 10:57
@m-Bilal m-Bilal force-pushed the m-bilal/vulnerability-scan branch 3 times, most recently from 6ecbafa to 101a320 Compare May 27, 2025 16:13
@m-Bilal m-Bilal changed the title trivy vulnerability scan add vulnerability scan May 27, 2025
@m-Bilal m-Bilal force-pushed the m-bilal/vulnerability-scan branch 2 times, most recently from c01dba0 to dfa5fdf Compare May 28, 2025 12:48
@m-Bilal m-Bilal force-pushed the m-bilal/vulnerability-scan branch from dfa5fdf to e4bfbbe Compare May 28, 2025 12:49
danieljharvey
danieljharvey reviewed May 28, 2025
View reviewed changes
danieljharvey
danieljharvey approved these changes May 28, 2025
View reviewed changes
Copy link
Contributor

@danieljharvey danieljharvey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This all seems very sensible.

@m-Bilal m-Bilal merged commit 8f3e581 into main May 28, 2025
6 checks passed
@m-Bilal m-Bilal deleted the m-bilal/vulnerability-scan branch May 28, 2025 17:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danieljharvey danieljharvey danieljharvey approved these changes

@codingkarthik codingkarthik Awaiting requested review from codingkarthik

@SandeepSamba SandeepSamba Awaiting requested review from SandeepSamba

@codedmart codedmart Awaiting requested review from codedmart

@scriptnull scriptnull Awaiting requested review from scriptnull

Assignees
No one assigned
Labels
connector-staging-deploy-success
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@m-Bilal @danieljharvey @hasura-ci