Add Trivy security scans by btme0011 · Pull Request #6876 · appwrite/appwrite · GitHub

Add Trivy security scans #6876


Merged
merged 5 commits into from
Aug 21, 2024

Conversation

@btme0011 (Contributor) commented Oct 10, 2023

What does this PR do?

Added Trivy scan

Test Plan

Ran the scan on my personal forked Repo link

Related PRs and Issues

Checklist

  • Have you read the Contributing Guidelines on issues?
  • If the PR includes a change to an API's metadata (desc, label, params, etc.), does it also include updated API specs and example docs?

@btme0011 (Contributor Author)

Currently the scan is failing. Created an issue for it - link

@stnguyen90 stnguyen90 self-requested a review October 10, 2023 15:04
@stnguyen90 (Contributor) left a comment

Great PR! 🤯 We left some comments during the review, please check them out.

Comment on lines 17 to 18
- name: Build the Docker image
run: docker build . -t appwrite_image:latest
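Review bot: on line 18, `docker build . -t appwrite_image:latest` passes no `--build-arg` values and uses the mutable `latest` tag, so the scanned image is whatever the Dockerfile defaults produce and a finding cannot be tied back to a revision. Suggest setting the build arguments explicitly and tagging with the commit SHA (for example `appwrite_image:${{ github.sha }}`), then pointing the step that scans the image at that same tag.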
Contributor

Let's build like how we do in tests to make use of caching:

```yaml
# This is a separate action that sets up buildx runner
- name: Set up Docker Buildx
  uses: docker/setup-buildx-action@v2
- name: Build Appwrite
  uses: docker/build-push-action@v3
  with:
    context: .
    push: false
    tags: appwrite-dev
    load: true
    cache-from: type=gha
    cache-to: type=gha,mode=max
    build-args: |
      DEBUG=false
      TESTING=true
      VERSION=dev
```

@@ -0,0 +1,27 @@
name: Trivy
Contributor

Let's name the file scan-container.yml and make this name Scan container. The workflow and goal is to have scans for containers and trivy is just a tool that may get swapped out later.

@stnguyen90 stnguyen90 added the hacktoberfest-accepted Accepted for Hacktoberfest, will be merged later label Oct 27, 2023
Co-authored-by: Steven Nguyen <1477010+stnguyen90@users.noreply.github.com>
@stnguyen90 stnguyen90 self-requested a review February 18, 2024 23:52
@gewenyu99 (Contributor)

Hey there! There were a lot of big PRs during this Hacktoberfest, and we wanted to give everyone ample time to collaborate with our engineering team. If you were able to merge your PRs during October, amazing. If it’s still not merged, don’t worry about it either. Either way, we’ve got your Hacktoberfest swag minted and ready to ship.

Please comment with your Discord username here so we can contact you about your shipping information to deliver your Hacktoberfest swag.

@EVDOG4LIFE EVDOG4LIFE requested review from stnguyen90 and removed request for stnguyen90 August 1, 2024 22:39
@EVDOG4LIFE (Contributor)

Refactored this into a nightly running job that builds the image from source and runs a filesystem scan to scan for potential code vulnerabilities.

Sample of what they look like - https://github.com/EVDOG4LIFE/appwrite_wfTest/security/code-scanning

FS and Image scan happen in parallel - see successful run on my fork here - https://github.com/EVDOG4LIFE/appwrite_wfTest/actions/runs/10206787738
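
A workflow of the shape described in the comment above (nightly schedule, image built from source, filesystem and image scans as parallel jobs, results sent to code scanning), as an added example that is not the workflow merged in this PR. The job ids, cron time, SARIF file names and the `aquasecurity/trivy-action` version pin are assumptions; the build step reuses the settings suggested earlier in the review, with the build arguments left out.

```yaml
# Added example; not the workflow merged in this PR.
# Assumptions: job ids, cron time, SARIF file names, action version pins.
name: Scan container
on:
  schedule:
    - cron: "0 2 * * *"  # nightly
permissions:
  contents: read
  security-events: write  # needed to upload SARIF to code scanning
jobs:
  scan-image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v2
      - uses: docker/build-push-action@v3
        with:
          context: .
          push: false
          load: true  # expose the image to the local Docker daemon for Trivy
          tags: appwrite-dev
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - uses: aquasecurity/trivy-action@0.24.0
        with:
          scan-type: image
          image-ref: appwrite-dev
          format: sarif
          output: trivy-image.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-image.sarif
          category: trivy-image  # keeps image findings separate from fs findings
  scan-fs:
    runs-on: ubuntu-latest  # no `needs:`, so this runs in parallel with scan-image
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@0.24.0
        with:
          scan-type: fs
          scan-ref: .
          format: sarif
          output: trivy-fs.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-fs.sarif
          category: trivy-fs
```

Pinning each third-party action to a reviewed commit SHA instead of a tag keeps a retagged release from changing what the scan job runs.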

@stnguyen90 stnguyen90 merged commit 9301bdd into appwrite:main Aug 21, 2024
23 checks passed
@stnguyen90 stnguyen90 changed the title feature-5232-Trivy-Security-Scans Add Trivy security scans Nov 22, 2024
Labels
hacktoberfest-accepted Accepted for Hacktoberfest, will be merged later
4 participants