Story (Required)

As a release engineer trying to do a y stream release, I want vulnerability scanning to happen on a regular basis for the artifiacts released for the new y stream release 1.15.0

Background (Required)

Prod security team, scans all released container images for any new vulnerabilities (CVEs) and creates an automated JIRA ticket for addressing the CVE. The scanning tool that runs periodically, uses a product configuration stored in a git repo. This configuration needs to be updated to include the newly released y stream release and the oldest y stream release which will reach end of support, needs to be removed from that configuration.

Out of scope

N/A

Approach (Required)

• Inform the prod security contact person about this new Y stream release.
• A PR has to be created by them to make this config change.

Dependencies

• This is a post release activity and can be taken only after the errata reaches the SHIPPED_LIVE status.

INVEST Checklist

Dependencies identified

Blockers noted and expected delivery timelines set

Design is implementable

Acceptance criteria agreed upon

Story estimated

Legend

Unknown

Verified

Unsatisfied

Done Checklist

• Code is completed, reviewed, documented and checked in
• Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
• Continuous Delivery pipeline(s) is able to proceed with new code included
• Customer facing documentation, API docs etc. are produced/updated, reviewed and published
• Acceptance criteria are met