Description
Building and deploying a Docker container also means maintaining the security of the image over time.
This repository needs a way to scan the image and alert, or create an issue, when vulnerabilities are found.
Triggers could be on PR, push to main, and/or periodically.
The risk of not doing this:
- Over time, new vulnerabilities can arise and the deployed images can be at risk for extended periods of time without anyone knowing
Pros:
- For code that doesn't update often but is still used, it will force us to keep up with minor infra updates
Example tool to scan (don't have to use this)
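As an added example (not from this issue or the repository), here is a GitHub Actions workflow that covers the three triggers named above: PR, push to main, and a periodic schedule, with the scheduled run opening an issue on failure. Trivy is an assumed scanner choice, since the suggested tool link is not shown here; the image name, cron schedule, action versions and the `security` label are placeholders.

```yaml
name: Image vulnerability scan
on:
  pull_request:                  # scan the image built from each PR
  push:
    branches: [main]             # scan what actually gets deployed
  schedule:
    - cron: "0 6 * * 1"          # weekly re-scan catches CVEs published after the last push

permissions:
  contents: read
  security-events: write         # upload SARIF to the Security tab
  issues: write                  # open an issue when a scheduled scan fails

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build the image locally (nothing is pushed)
        run: docker build -t local/app:${{ github.sha }} .   # image name is a placeholder

      - name: Scan with Trivy (assumed scanner; pin the action to a commit SHA in practice)
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: local/app:${{ github.sha }}
          format: sarif
          output: trivy-results.sarif
          severity: CRITICAL,HIGH
          ignore-unfixed: true       # avoid noise from CVEs with no available fix
          exit-code: "1"             # fail the job so PR/push runs block on findings

      - name: Upload findings to GitHub code scanning
        if: always()                 # upload even when the scan step failed
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif

      - name: Open an issue when the periodic scan fails
        if: failure() && github.event_name == 'schedule'
        uses: actions/github-script@v7
        with:
          script: |
            await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: `Image scan found CRITICAL/HIGH vulnerabilities (${context.sha.slice(0, 7)})`,
              body: `Scheduled scan failed. Run: ${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`,
              labels: ["security"],   // placeholder label
            });
```

On PR and push runs the failing scan step is the alert; only the scheduled run creates an issue, so a weekly scan that turns up a newly published CVE in an unchanged image does not go unnoticed.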