Description

The Offering Team will investigate and remediate any malware found during a scan. If the workflow fails to verify if the malware signatures are current, the maintainer of the pipeline is responsible for updating signatures.

Definition of Done

• An appropriate malware scanner is implemented into the productization pipeline.
• Links to the pipeline definition where the malware scanner has been implemented are added to https://product-security.pages.redhat.com/offering-registry/offerings/openshift-servicemesh/evidence/malware_detection/

References and Examples

• ClamAV
• ScanChain