Machine Config Operator: MCO-998

Enable non-blocking SAST scans in OpenShift CI


    • Sprint: MCO Sprint 248, MCO Sprint 249, MCO Sprint 250

      As an OpenShift developer, I want to know that my code is as secure as possible by running static analysis on each PR.


      Periodically, scans are performed on all OpenShift repositories and on the container images those repositories produce. These scans usually result in numerous OCP bugs being opened in our queue (see the linked bugs for an example), which leaves us in a reactive posture: findings arrive long after the code has merged and shipped. Instead, we can run the same scans on each PR by following https://docs.ci.openshift.org/docs/how-tos/add-security-scanning/ to add the scan to our OpenShift CI configuration, so that findings surface while the change is still under review.
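      As an added illustration (not part of this ticket, the MCO repository or the linked how-to), the following is the shape of the ci-operator test entry that a PR to openshift/release would append to the existing `tests` list of the MCO config file. The workflow name `openshift-ci-security`, the `PROJECT_NAME` variable and the config path in the comment are assumed from the Snyk integration the how-to describes; confirm them against the current version of that page before opening the PR. The setting that matters for this story is `optional: true`, which is what makes the job non-gating.

```yaml
# Added example, not the project's own config. A ci-operator test entry of the
# kind a PR to openshift/release would add for the MCO repository, e.g. in
# ci-operator/config/openshift/machine-config-operator/openshift-machine-config-operator-master.yaml
# (path assumed). Workflow name and PROJECT_NAME are assumed from the linked how-to.
tests:
- as: security
  # optional: true makes the job non-gating: it runs on every PR and reports
  # its result, but a finding or a scan failure does not block merge. Dropping
  # this line (or setting it to false) turns the same scan into a gate.
  optional: true
  steps:
    env:
      # Assumed: identifies the project in the Snyk dashboard the team is onboarded to.
      PROJECT_NAME: machine-config-operator
    workflow: openshift-ci-security
```

      After editing the config, the Prow job definitions in openshift/release are regenerated with `make jobs` in that repository and committed alongside the config change; the PR is not mergeable until the generated jobs match the config. Starting non-gating lets the team look at the preliminary report and triage false positives before anyone proposes making the scan block merges.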


      Done When:

      • A PR to the openshift/release repository is merged which enables this configuration in a non-gating capacity.
      • All MCO team members are onboarded into the Snyk scan dashboard.
      • A preliminary scan report is produced which highlights areas for improvement.

            zzlotnik@redhat.com Zack Zlotnik