
add security-scan for CRT (#13627) #13863

Merged

claire-labry merged 1 commit into release/1.7.x from backport-security-scan
Feb 1, 2022

Conversation

@claire-labry
Collaborator

  • add security-scan

  • updating the alpine version

  • clean up

  • update the alpine version to be more prescriptive

Contributor

@mladlow mladlow left a comment


Approved the backports - I think I have a pretty clear understanding of how this works except for the security-scan.hcl file, would you mind dropping a description of that in the comment chain on maybe the main PR or the ENT PR?

@claire-labry
Collaborator Author

claire-labry commented Feb 1, 2022

The security-scan.hcl is a declarative file that the security-scanner (owned by Security) will attempt to find in your repo. In each of the two stanzas, container and binary, there are options that are set to true/false to allow the scanner to read and detect any vulns/CVEs that may arise. If any of those vulns arise, then the workflows will stop and output the vulnerability.
Here's a link to a more in-depth explanation of that config file: https://github.com/hashicorp/security-scanner/blob/main/CONFIG.md
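The shape of the file described in the comment above, as an added illustration: this is not the project's own security-scan.hcl and not part of the original thread. The two stanza names, container and binary, come from the comment; the individual option names inside them are assumed for illustration only, and the authoritative list is the CONFIG.md linked above.

```hcl
# Illustrative security-scan.hcl (added example, not the project's file).
# The scanner reads this file from the repo. Each stanza enables a class of
# checks for one artifact; a check set to true that produces a finding stops
# the workflow and reports the vulnerability. Option names are assumed here;
# see https://github.com/hashicorp/security-scanner/blob/main/CONFIG.md.

container {
  # OS-level packages in the published image (e.g. the pinned Alpine base layer)
  dependencies = true
  # Alpine packages checked against the Alpine security database
  alpine_secdb = true
  # credentials accidentally baked into image layers
  secrets      = true
}

binary {
  # credentials embedded in the release binary
  secrets    = true
  # Go module versions matched against vulnerability databases
  go_modules = true
  osv        = true
  nvd        = true
}
```

Pinning the Alpine base image to an explicit version (the "more prescriptive" commit in this backport) matters for the container stanza: with a floating tag, the package set the scanner sees can differ from the one actually shipped, so results stop being reproducible.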

@claire-labry claire-labry merged commit c7101a5 into release/1.7.x Feb 1, 2022

2 participants