gyokketto commented on PR #8991: URL: https://github.com/apache/pinot/pull/8991#issuecomment-1185676181
> > > > the commit hash [438c53b](https://github.com/apache/pinot/commit/438c53b) was on May 12. would you be able to share exactly how we can generate this report from a docker image or dist-JAR?

Well, that is interesting. The hash is old, but the date is recent.

Yes, I was thinking that the scan could regularly run after the snapshot image is generated. In our environment we can pull a docker image from our artifactory image repo and running that image we can generate a report from any image that we pulled locally. A simpler report is emitted to the console and the full one is uploaded to our prisma cloud server. Whatever image we deploy to our infrastructure is scanned automatically and we are notified if there is a vulnerability in it.

`$ twistcli images scan --details --address https://<prisma server address> -u '<user name>' apachepinot/pinot:0.11.0-SNAPSHOT-438c53b-20220715`

I can ask the team that supports it how it could be set up.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
