pnoltes opened a new issue, #825:
URL: https://github.com/apache/celix/issues/825

   Add **vulnerability scanning** to the CI pipeline based on the generated SBOM.
   
   ### Scope
   
   * Scan SBOM build artefact for **known vulnerabilities (CVE / CVSS)**
   * Use **OSS tooling** (e.g. grype, trivy, osv-scanner)
   * Initial setup is **report-only** (no CI gating)
     * Bonus: add CI gating for issues with a CVSS of 9 or higher.
   
   Tool recommendations are welcome.
   
   ### Expected outcome
   
   * CI job that performs vulnerability scanning
   * Machine-readable scan output published as a CI artifact
   * Short documentation describing:
     * which tool is used
     * what is (and is not) covered
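As an added illustration (not code from the issue or from the Celix project) of the report-only versus gating split described above: a small Python step that consumes the scanner's machine-readable JSON, prints a summary for the CI log, and exits non-zero only when gating is switched on and a finding scores CVSS 9.0 or higher. It assumes a grype-style layout (`matches[].vulnerability.{id,severity,cvss[].metrics.baseScore}` and `matches[].artifact.{name,version}`); adapt the field names if trivy or osv-scanner output is used instead. The embedded sample report and its identifiers are constructed placeholders.

```python
import json
import os
import sys
from typing import Optional

# Gate threshold named in the issue: CVSS 9.0 or higher blocks the build.
GATE_THRESHOLD = 9.0

def max_cvss(vuln: dict) -> Optional[float]:
    """Highest base score across the CVSS records on one match, or None when
    the scanner supplied no score (fresh advisories often lack one)."""
    scores = [float(c["metrics"]["baseScore"]) for c in vuln.get("cvss", [])
              if "baseScore" in c.get("metrics", {})]
    return max(scores) if scores else None

def evaluate(report: dict, gate: bool) -> dict:
    """Summarise a grype-style JSON report (assumed layout) and decide the CI
    exit status: 1 only when gate=True and a finding reaches GATE_THRESHOLD.
    Unscored findings are listed separately so they are visible but never
    silently gate or silently pass as 'low'."""
    findings = []
    for m in report.get("matches", []):
        v, a = m["vulnerability"], m.get("artifact", {})
        findings.append({"id": v["id"], "severity": v.get("severity", "Unknown"),
                         "cvss": max_cvss(v),
                         "package": f'{a.get("name", "?")}@{a.get("version", "?")}'})
    # Worst first; unscored findings go last rather than being treated as 0.
    findings.sort(key=lambda f: (f["cvss"] is None, -(f["cvss"] or 0.0)))
    blocking = [f["id"] for f in findings
                if f["cvss"] is not None and f["cvss"] >= GATE_THRESHOLD]
    unscored = [f["id"] for f in findings if f["cvss"] is None]
    return {"findings": findings, "blocking": blocking, "unscored": unscored,
            "exit_code": 1 if gate and blocking else 0}

# Constructed sample report with placeholder identifiers (not real advisories).
SAMPLE_REPORT = {"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical",
                       "cvss": [{"version": "3.1", "metrics": {"baseScore": 9.8}}]},
     "artifact": {"name": "libexample", "version": "1.2.3"}},
    {"vulnerability": {"id": "CVE-0000-0002", "severity": "High",
                       "cvss": [{"version": "3.1", "metrics": {"baseScore": 7.5}}]},
     "artifact": {"name": "libother", "version": "0.9"}},
    {"vulnerability": {"id": "GHSA-0000-placeholder", "severity": "Unknown", "cvss": []},
     "artifact": {"name": "libnew", "version": "2.0"}},
]}

if __name__ == "__main__":
    # Usage: scan_gate.py [report.json] [--gate]; without a path the sample is used.
    paths = [p for p in sys.argv[1:] if os.path.isfile(p)]
    report = json.load(open(paths[0])) if paths else SAMPLE_REPORT
    result = evaluate(report, gate="--gate" in sys.argv)
    for f in result["findings"]:
        print(f'{f["id"]:<24} {f["severity"]:<9} cvss={f["cvss"]}  {f["package"]}')
    print("blocking:", result["blocking"], "unscored:", result["unscored"])
    sys.exit(result["exit_code"])
```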
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
