This is an automated email from the ASF dual-hosted git repository.
weitingchen pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-gluten-site.git
The following commit(s) were added to refs/heads/main by this push:
new 44d4836 Add Security Scan steps (#36)
44d4836 is described below
commit 44d483668b8543ac135956661c795179596d4410
Author: Wei-Ting Chen <[email protected]>
AuthorDate: Wed Dec 4 17:36:10 2024 +0800
Add Security Scan steps (#36)
---
docs/developers/HowToSecurityScan.md | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/docs/developers/HowToSecurityScan.md
b/docs/developers/HowToSecurityScan.md
new file mode 100644
index 0000000..e08f601
--- /dev/null
+++ b/docs/developers/HowToSecurityScan.md
@@ -0,0 +1,30 @@
+---
+layout: page
+title: How To Scan Security issues
+nav_order: 11
+parent: Developers
+grand_parent: Documentations
+permalink: /docs/developers/how-to-security-scan/
+---
+# How to scan the security issues
+
+This section outlines the steps to use tools to scan Apache Gluten
(incubating) source code and make sure no vulnerability issues in the code.
+All projects under the Apache umbrella must adhere to the [Apache Release
Policy](https://www.apache.org/legal/release-policy.html). This guide is
designed to assist you in comprehending the policy and navigating the process
of releasing projects at Apache.
+
+## Scan Security Process
+
+Before every Apache Gluten (incubating) release, we need to ensure there is no
vulnerability issue in the source code.
+We use [Trivy](https://github.com/aquasecurity/trivy) as the tool to scan all
the security issues.
+
+
+1. Install Trivy, please follow the steps to install Trivy: [Trivy
Installation](https://trivy.dev/latest/getting-started/installation/)
+
+2. Configuring Trivy, please follow the guide to configure Trivy for specific
operation: [Trivy Configuration](https://trivy.dev/latest/docs/configuration/)
+
+3. Run Trivy File System Scan with the source code. Below is an example about
how we run Trivy scan with Apache Gluten (incubating) source code. You can use
your own tpl file as a template.
+
+```bash
+trivy fs --list-all-pkgs --format template --template "@/PATH/TO/csv.tpl"
--output ./trivy-report.csv /PATH/TO/GLUTEN_LOCATION/
+```
+
+4. Open the report file and check if there is any vulnerability issue
highlighted. We must guarantee all the vulnerability issue has been solved
before an official release.
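Review bot: step 4 ("We must guarantee all the vulnerability issue has been solved before an official release") states a gate but the scan command in step 3 never fails on findings, so nothing enforces it; add `--severity HIGH,CRITICAL --exit-code 1` (or whatever threshold the project agrees on) to the `trivy fs` invocation so the scan can block a release or a CI job, and document how accepted false positives are recorded (Trivy honours a `.trivyignore` file / `--ignorefile`, and `--ignore-unfixed` drops findings with no upstream fix). Two smaller points in the same hunk: the `"@/PATH/TO/csv.tpl"` template is referenced but not included in this change, so either commit it next to the doc or say where it lives, otherwise the command is not reproducible by another release manager; and the report should record the Trivy version and database update date used, since the result of a rerun depends on both. The second sentence of the intro ("This guide is designed to assist you in comprehending the policy and navigating the process of releasing projects at Apache") reads as copied from a release guide and describes a different document; it should say what this page covers, namely scanning the source tree before a release. Minor wording: the title should be "How to scan for security issues" and the first sentence "make sure there are no vulnerability issues in the code".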
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]