k0pper opened a new issue #558:
URL: https://github.com/apache/camel-kamelets/issues/558


   ## Problem
   I am working on evaluating Kamelets from different points of view. One of
them is the question of how to make sure containers that are spun up during the
creation of an integration (whether with Java or Kamelets, I guess it doesn't
matter for now) are **safe**.
   
   Because there is no code in Kamelets, I quickly discarded the idea of
code-scanning dependencies in Kamelets. Seems like there is neither a feature
in Camel-K nor another external tool that helps with that.
    
   ## Possible Solution
   I read about **Container Scanning** and found some tools related to it, like
[Clair](https://github.com/quay/clair),
[Trivy](https://github.com/aquasecurity/trivy) and the [Container Scanning
Feature in Snyk](https://docs.snyk.io/products/snyk-container).
   
   ## Questions
   * But is there an accepted / proven way to do something like a container 
scan of containers that are generated by Camel-K from a KameletBinding? Does 
anyone have experience with that?
   
   * Is there something planned in the future in terms of scanning the 
dependencies directly from the Kamelet without building the container? 
   
   * Bonus Question: When using Camel-K with minikube, how do I access the actual
images created from the Kamelets?
   
   Alex

