Skip to content

Create trivy.yml GitHub action workflow for Trivy scan #35

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: atherton
Choose a base branch
from
Draft

Create trivy.yml GitHub action workflow for Trivy scan #35

wants to merge 3 commits into from

Conversation

@cruizen
Copy link
Contributor

@cruizen cruizen commented Oct 26, 2023

No description provided.

mithilarun
mithilarun previously approved these changes Oct 26, 2023
View reviewed changes
@cruizen
Update trivy.yml
6718b04 
Update image org:name
@cruizen
Update trivy.yml
53cdeaa 
`docker build` was failing since `Dockerfile` is in `./container` and not `.`
@cruizen
Copy link
Contributor Author

cruizen commented Oct 27, 2023

@Sanket36 This action fails because it is unable to download the base image from artifactory

ERROR: failed to solve: DeadlineExceeded: DeadlineExceeded: DeadlineExceeded: artifactory.platform9.horse/docker-local/pf9-py39-baseimg-alpine:stable: failed to do request: Head "https://artifactory.platform9.horse/v2/docker-local/pf9-py39-baseimg-alpine/manifests/stable": dial tcp 52.27.199.157:443: i/o timeout
Error: Process completed with exit code 1.

@cruizen cruizen requested a review from sanket-l October 27, 2023 08:30
@cruizen cruizen marked this pull request as draft October 27, 2023 09:04
@cruizen
Copy link
Contributor Author

cruizen commented Oct 27, 2023

Since the artifactory images are on pf9 VPN, we have to hold the Trivy GitHub actions for repositories (Docker images) that use pf9-py39-base-image or pf9-py39-build-image as base image - unless we can make the images in artifactory public! (or even move them to qyay.io?)

@cruizen
Copy link
Contributor Author

cruizen commented Sep 3, 2025

Since the artifactory images are on pf9 VPN, we have to hold the Trivy GitHub actions for repositories (Docker images) that use pf9-py39-base-image or pf9-py39-build-image as base image - unless we can make the images in artifactory public! (or even move them to qyay.io?)

cc: @hsri-pf9

@cruizen cruizen requested a review from hsri-pf9 September 3, 2025 04:56
@hsri-pf9
Copy link
Contributor

hsri-pf9 commented Sep 3, 2025

We have two options either we can skip trivy scans for repos that use pf9 artifactory images or make it public. There is already present trivy scan in the main

vouch/.github/workflows/security-scan.yml

Line 88 in c260919

trivy_scan:

this always runs trivy fs on the filesystem so it does not depend on building/pulling the base Docker image. But if we want to add image scan job like this PR then we will hit VPN problem and either have to skip or make the image public

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mithilarun mithilarun mithilarun left review comments

@poojaghumre poojaghumre Awaiting requested review from poojaghumre

@sanket-l sanket-l Awaiting requested review from sanket-l

@hsri-pf9 hsri-pf9 Awaiting requested review from hsri-pf9

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cruizen @hsri-pf9 @mithilarun