Description
A lot can go wrong when we build containers with a set of tools, base images, and permissions embedded in them. Even with the best intentions, security issues arise regularly, and they have to be caught as early as possible, which is why security checks are already embedded in the CI workflow.
What is currently missing is a scan of the container image that would actually run in production. For instance, #39 was created due to a huge security issue that needed to be resolved. In the context of this issue, I'm planning to investigate a container scanning tool called Trivy from Aqua.
This step will ensure that critical or high-severity vulnerabilities in the base image or dependencies are detected before deployment.
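As an added illustration of what such a gating step can look like (example code, not part of this issue or the project's own workflow), the script below runs Trivy against a built image, parses its JSON report and fails the pipeline when any CRITICAL or HIGH finding is present. It assumes Trivy's JSON report layout (`Results[].Vulnerabilities[]` with `Severity`, `FixedVersion`, `VulnerabilityID`, `PkgName`, `InstalledVersion`), which is what `trivy image --format json` emits; the embedded sample report is constructed for the demo and its CVE identifiers are placeholders, not real vulnerabilities.

```python
"""Gate a CI pipeline on a Trivy image scan (added example, not project code)."""
import json
import shutil
import subprocess
import sys

# Severities that block deployment; everything below is reported but tolerated.
BLOCKING_SEVERITIES = ("CRITICAL", "HIGH")


def scan_image(image: str) -> dict:
    """Run Trivy against a built image and return its parsed JSON report.

    Only documented trivy flags are used (--format json, --quiet). The
    pass/fail decision is made in Python below instead of with --exit-code
    so that the findings can be summarised before the build is failed.
    """
    if shutil.which("trivy") is None:
        raise RuntimeError("trivy binary not found on PATH")
    proc = subprocess.run(
        ["trivy", "image", "--format", "json", "--quiet", image],
        check=True, capture_output=True, text=True,
    )
    return json.loads(proc.stdout)


def blocking_findings(report: dict, ignore_unfixed: bool = False) -> list:
    """Return the findings that should block deployment.

    ignore_unfixed=True mirrors trivy's --ignore-unfixed: a vulnerability
    with no fixed version yet cannot be remediated by bumping the package,
    so some teams report it without failing the build.
    """
    blocking = []
    for result in report.get("Results", []):
        # Trivy emits null (not []) when a target has no vulnerabilities.
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity") not in BLOCKING_SEVERITIES:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue
            blocking.append({
                "target": result.get("Target"),
                "id": vuln.get("VulnerabilityID"),
                "pkg": vuln.get("PkgName"),
                "installed": vuln.get("InstalledVersion"),
                "fixed": vuln.get("FixedVersion") or "(no fix yet)",
                "severity": vuln.get("Severity"),
            })
    return blocking


def gate(report: dict, ignore_unfixed: bool = False) -> int:
    """Print a summary and return the exit code CI should use (0 pass, 1 fail)."""
    findings = blocking_findings(report, ignore_unfixed)
    for f in findings:
        print(f"{f['severity']:8} {f['id']:16} {f['pkg']} "
              f"{f['installed']} -> {f['fixed']} [{f['target']}]")
    if findings:
        print(f"FAIL: {len(findings)} CRITICAL/HIGH finding(s); refusing to deploy")
        return 1
    print("PASS: no CRITICAL/HIGH findings")
    return 0


# Constructed sample report in Trivy's JSON shape; the CVE ids are placeholders.
SAMPLE_REPORT = {
    "ArtifactName": "example.invalid/app:ci",
    "Results": [
        {
            "Target": "example.invalid/app:ci (debian 12)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-00001", "PkgName": "libexample",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-00002", "PkgName": "libother",
                 "InstalledVersion": "2.3", "FixedVersion": "", "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-00003", "PkgName": "libminor",
                 "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "LOW"},
            ],
        },
        {"Target": "app/requirements.txt", "Vulnerabilities": None},
    ],
}

if __name__ == "__main__":
    # Usage: python trivy_gate.py [--ignore-unfixed] [IMAGE]
    # Without an IMAGE argument the constructed sample report is gated instead.
    args = [a for a in sys.argv[1:] if not a.startswith("--")]
    report = scan_image(args[0]) if args else SAMPLE_REPORT
    sys.exit(gate(report, ignore_unfixed="--ignore-unfixed" in sys.argv))
```

In a CI job the same policy can be expressed directly with Trivy's own flags (`trivy image --severity CRITICAL,HIGH --exit-code 1 IMAGE`); the script version is useful when the report also needs to be archived or summarised before the job is failed. Note that one of the constructed findings has no fixed version, so the gate fails with two findings by default and with one when unfixed vulnerabilities are ignored.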
Tasks