
Add a step in the build pipeline to scan the grype/trivy results for issues #3133

Closed
jimmykarily opened this issue Jan 20, 2025 · 4 comments · Fixed by #3134
Comments

@jimmykarily
Contributor

jimmykarily commented Jan 20, 2025

Especially since the "Security" tab doesn't work very well.

@jimmykarily jimmykarily converted this from a draft issue Jan 20, 2025
@jimmykarily jimmykarily moved this from Todo 🖊 to In Progress 🏃 in 🧙Issue tracking board Jan 20, 2025
@jimmykarily jimmykarily self-assigned this Jan 20, 2025
@github-project-automation github-project-automation bot moved this from In Progress 🏃 to Done ✅ in 🧙Issue tracking board Jan 20, 2025
@jimmykarily
Contributor Author

Added a step but unfortunately GitHub doesn't have a nice way to present optional steps: actions/runner#2347

End result: it runs, it fails but it's not visible in the pipeline unless you click on it.

Also downloading the scan results from the pipeline artifacts, unzipping them and parsing them with a tool (e.g. sarif-tools) is a tedious job. Let's hope GitHub fixes the "Security" tab issue.
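The parsing step the comment above calls tedious can be scripted. The following is an added example, not code from the Kairos project or the issue author: it reads one SARIF file of the kind grype and trivy emit, counts results per SARIF level (using the rule's defaultConfiguration when a result carries no level), and exits non-zero when anything at or above a threshold is present, which is what a pipeline gate needs. The embedded SARIF document and its rule ids are constructed placeholders.

```python
import json
import sys
from collections import Counter

# SARIF "level" values ranked for threshold comparison (SARIF 2.1.0, result.level).
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def result_level(result, rules_by_id):
    """Effective level of one result: explicit level, else the rule's
    defaultConfiguration.level, else the spec default of "warning"."""
    if "level" in result:
        return result["level"]
    rule = rules_by_id.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")


def summarize_sarif(doc):
    """Count results per level across all runs in a SARIF log."""
    counts = Counter()
    for run in doc.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        rules_by_id = {r.get("id"): r for r in rules}
        for result in run.get("results", []):
            counts[result_level(result, rules_by_id)] += 1
    return dict(counts)


def findings_at_or_above(doc, threshold="error"):
    """Number of results whose level is at least `threshold`."""
    return sum(n for lvl, n in summarize_sarif(doc).items()
               if LEVEL_RANK.get(lvl, 0) >= LEVEL_RANK[threshold])


# Constructed sample in the shape scanners emit (placeholder rule ids, not real CVEs).
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "EXAMPLE-0001", "defaultConfiguration": {"level": "error"}},
            {"id": "EXAMPLE-0002", "defaultConfiguration": {"level": "note"}},
        ]}},
        "results": [
            {"ruleId": "EXAMPLE-0001", "message": {"text": "placeholder"}},
            {"ruleId": "EXAMPLE-0002", "message": {"text": "placeholder"}},
            {"ruleId": "EXAMPLE-0002", "level": "warning", "message": {"text": "placeholder"}},
        ],
    }],
}

if __name__ == "__main__":
    # Usage: python check_sarif.py results/scan.sarif  (exit 1 if any error-level result)
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SARIF
    print(summarize_sarif(doc))
    sys.exit(1 if findings_at_or_above(doc, "error") else 0)
```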

@jimmykarily
Contributor Author

jimmykarily commented Jan 20, 2025

Would be nice if we could use something like this: https://microsoft.github.io/sarif-web-component/

I'll do some research. Maybe there is an easy way to present the scan results outside GitHub.

Update: It's open source: https://github.com/microsoft/sarif-web-component
You can run it locally by xdg-open docs/index.html (from that repo)

@jimmykarily jimmykarily moved this from Done ✅ to In Progress 🏃 in 🧙Issue tracking board Jan 20, 2025
@jimmykarily jimmykarily reopened this Jan 20, 2025
@github-project-automation github-project-automation bot moved this from In Progress 🏃 to Under review 🔍 in 🧙Issue tracking board Jan 20, 2025
@jimmykarily
Contributor Author

Scan results can be downloaded with one command:

gh run --repo kairos-io/kairos download 12867815838 --pattern "*scan-results.zip" -D results/

@jimmykarily jimmykarily moved this from Under review 🔍 to Todo 🖊 in 🧙Issue tracking board Jan 20, 2025
@jimmykarily jimmykarily moved this from Todo 🖊 to In Progress 🏃 in 🧙Issue tracking board Jan 20, 2025
@jimmykarily
Contributor Author

Step was added. It's still not easy to consume but I don't see how it can be easily improved currently.

@github-project-automation github-project-automation bot moved this from In Progress 🏃 to Done ✅ in 🧙Issue tracking board Jan 23, 2025