Chore - refactor image scanning process #5247

St0rmz1 · 2025-03-28T20:36:27Z

What this PR does / why we need it:

Enhancements to the daily image scanning process

file and job name changes for clarity
added input validations
the reusable workflow now creates a sarif even if no vulns detected. This is so external tools will always have a recent file to pull for reporting.

St0rmz1/chore/refactor scanning

Which issue(s) this PR fixes:

NONE

Does this PR require a test?

NONE

Does this PR require a release note?

NONE

Does this PR require documentation?

NONE

add validations of inputs handle case if sarif cannot be created from grype, then we create one anyway this way the reporting systems will always have a recent sarif to use

.github/workflows/scan-image-grype.yml

good catch Co-authored-by: Ethan Mosbaugh <[email protected]>

…positive with the linter https://docs.github.com/en/actions/learn-github-actions/expressions#status-check-functions

St0rmz1 added 2 commits March 28, 2025 13:28

rename

8049a41

add validations of inputs handle case if sarif cannot be created from grype, then we create one anyway this way the reporting systems will always have a recent sarif to use

add inputs required by the reusable workflow

09a5958

St0rmz1 added the type::chore label Mar 28, 2025

St0rmz1 added 2 commits March 28, 2025 13:46

change validation syntax to make the linter happy

8fa1422

making silly linters happy

56bda26

St0rmz1 marked this pull request as ready for review March 28, 2025 21:43

St0rmz1 assigned laverya Mar 28, 2025

emosbaugh reviewed Mar 31, 2025

View reviewed changes

.github/workflows/scan-image-grype.yml Outdated Show resolved Hide resolved

.github/workflows/scan-image-grype.yml Outdated Show resolved Hide resolved

.github/workflows/scan-image-grype.yml Outdated Show resolved Hide resolved

Update .github/workflows/scan-image-grype.yml

4370dbd

good catch Co-authored-by: Ethan Mosbaugh <[email protected]>

St0rmz1 marked this pull request as draft March 31, 2025 15:57

St0rmz1 and others added 4 commits March 31, 2025 09:53

Note if: !cancelled() is a valid per docs, but I think its a false …

26b2795

…positive with the linter https://docs.github.com/en/actions/learn-github-actions/expressions#status-check-functions

removed jq. Confirmed is on the runner by default

9858104

fix syntax and remove install of jq to the runner

1d54b7c

Merge branch 'main' into St0rmz1/chore/refactor-scanning

6a38ef9

St0rmz1 marked this pull request as ready for review March 31, 2025 18:56

emosbaugh approved these changes Mar 31, 2025

View reviewed changes

St0rmz1 merged commit 95a0b8c into main Mar 31, 2025
95 checks passed

St0rmz1 deleted the St0rmz1/chore/refactor-scanning branch March 31, 2025 20:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Chore - refactor image scanning process #5247

Chore - refactor image scanning process #5247

Uh oh!

St0rmz1 commented Mar 28, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Chore - refactor image scanning process #5247

Chore - refactor image scanning process #5247

Uh oh!

Conversation

St0rmz1 commented Mar 28, 2025

What this PR does / why we need it:

Which issue(s) this PR fixes:

Does this PR require a test?

Does this PR require a release note?

Does this PR require documentation?

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!