
[HOTFIX] Scanning action detecting vulnerabilities shouldn't fail publish pipeline #299

Merged: 1 commit from hotfix/allow-failed-vuln-scans into develop, Aug 24, 2022

Conversation

@skovati (Contributor) commented Aug 24, 2022

This is done so that last-minute dependency vulnerabilities don't interfere with publishing. Scan results can (and should) still be viewed and acted upon with a separate PR.

  • Tickets addressed: AERIE-HOTFIX
  • Review: By commit
  • Merge strategy: Merge (no squash)

Description

As it currently stands, last-minute transitive dependencies with vulnerabilities can fail our publish pipeline and require dependency updates right before a point release.

This PR makes trivy exit with code 0 even if vulns are detected, so that we can continue publishing and fix dependency vulnerabilities at a more convenient time.

Future work

AERIE-2042 will upload these scan results in the SARIF format as an artifact so we see failed scans in the GitHub Security page for the repo.
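The mechanism this PR describes, as an added illustration rather than the Aerie repository's own workflow file: a GitHub Actions job that runs the Trivy action with exit-code 0 so findings never fail publishing, then uploads the SARIF report so the same findings still surface in the repository's Security tab (the AERIE-2042 follow-up). The workflow name, trigger, severity filter and publish command are assumptions.

```yaml
# Hypothetical publish workflow (added illustration, not the project's own file).
name: publish
on:
  push:
    tags: ['v*']
permissions:
  contents: read
  security-events: write   # required for upload-sarif to write code-scanning alerts
jobs:
  scan-and-publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      # Scan dependency manifests/lockfiles in the checkout.
      # exit-code: '0' is the hotfix behaviour: findings are written to the report
      # but never fail the job. The blocking setting this replaces is exit-code: '1'.
      # Prefer pinning the action to a release tag or commit SHA instead of master.
      - name: Trivy filesystem scan
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'
          exit-code: '0'
          severity: 'CRITICAL,HIGH'

      # The scan can no longer block the release, so make its findings visible
      # elsewhere: upload the SARIF to code scanning. if: always() keeps this step
      # running even if an earlier step failed, so a bad scan is never silently lost.
      - name: Upload scan results to the Security tab
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'

      - name: Publish
        run: ./gradlew publish   # hypothetical publish command
```

With exit-code 0 nothing in CI stops a vulnerable transitive dependency from shipping; the upload step is what keeps the finding tracked as an open alert until the separate dependency-update PR closes it.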

This is done so that last-minute dependency vulnerabilities don't interfere with publishing. Scan results can still be viewed and acted upon with a separate PR.
@skovati skovati merged commit 5d2d8ac into develop Aug 24, 2022
@skovati skovati deleted the hotfix/allow-failed-vuln-scans branch August 24, 2022 18:57