Incorporate container image scanning and alerting for cert renewer and wpt server docker images #68

Open
jcscottiii opened this issue Aug 8, 2022 · 0 comments

Comments

@jcscottiii
Collaborator

Building and deploying a docker container comes with maintaining the security of the image over time.

This repository needs a way to scan, alert or create an issue.
Triggers could be on PR, push to main, and/or periodically.

The risk by not doing this:

  • Over time, vulnerabilities can arise and the deployed images can be at risk for extended periods of time without knowing

Pros:

  • For code that doesn't update often but is still used, it will force us to keep minor infra updates

example tool to scan (don't have to use this)
