Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: update dependencies, authenticate docker hub #3882

Draft
wants to merge 7 commits into
base: master
Choose a base branch
from

Conversation

tricky42
Copy link
Contributor

@tricky42 tricky42 commented Nov 9, 2024

This pull request includes several updates to the .github/workflows/cve-scan.yaml file to enhance the security scanning process and update dependencies.

Workflow Enhancements:

  • Added workflow_dispatch to allow manual triggering of the workflow.
  • Added permissions to specify read access to contents and write access to security events.

Dependency Updates:

  • Updated actions/checkout from v3 to v4.
  • Updated docker/setup-qemu-action from v2 to v3.
  • Updated docker/setup-buildx-action from v2 to v3.
  • Updated anchore/scan-action from v3 to v5.
  • Updated github/codeql-action/upload-sarif from v2 to v3.
  • Updated erzz/dockle-action from v1.3.2 to v1.

Configuration Changes:

  • Added steps to login to GitHub Container Registry and configure Trivy for enhanced security scanning.
  • Unified the image name definition to use IMAGE_NAME environment variable across all steps. [1] [2] [3]
  • Added environment variables to Trivy configuration to skip Java DB updates and disable VEX notices.

@tricky42
Copy link
Contributor Author

tricky42 commented Nov 9, 2024

If there are no inconsistencies (like in the Hydra image tag case), this script version should work in all OpenSource repos for our services (Kratos, Oathkeeper, Keto, Hydra). I will check this; then, we could place it in ory/meta and sync it, or?

@aeneasr
Copy link
Member

aeneasr commented Nov 11, 2024

I will check this; then, we could place it in ory/meta and sync it, or?

absolutely

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants