Story
Resolution: Done
As an OpenShift developer, I want to know that my code is as secure as possible by running static analysis on each PR.
Periodically, static analysis scans are run against all OpenShift repositories and the container images built from them. These scans usually result in numerous OCP bugs being filed in our queue (see linked bugs as an example), which puts us in a reactive posture: findings reach us long after the offending code merged. Instead, we can run these scans on each PR by following https://docs.ci.openshift.org/docs/how-tos/add-security-scanning/ to add security scanning to our OpenShift CI configuration in openshift/release.
Done When:
- A PR to the openshift/release repository is merged which enables this configuration in a non-gating capacity.
- All MCO team members are onboarded to the Snyk scan dashboard.
- A preliminary scan report is produced which highlights areas for improvement.
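The kind of change the openshift/release PR above would carry, as an added illustration rather than the actual merged configuration: a `security` test entry in the repository's ci-operator config that runs the scanning workflow as an optional (non-gating) job, so a finding is reported on the PR without blocking it. The workflow name `openshift-ci-security`, the `PROJECT_NAME` variable, the MCO repo name and the file path are assumed from the linked how-to and from the openshift/release layout; check them against the current docs before opening the PR.

```yaml
# Assumed path in openshift/release (example, not the project's actual file):
#   ci-operator/config/openshift/machine-config-operator/openshift-machine-config-operator-master.yaml
# Only the new test entry is shown; the rest of the file stays unchanged.
tests:
- as: security
  # optional: true is what makes this non-gating: the job reports its result
  # on the PR but cannot hold up merge. Dropping this line (or setting it to
  # false) is the later, blocking step tracked in MCO-999.
  optional: true
  steps:
    env:
      # Assumed: the name the scan results are filed under in the Snyk dashboard.
      PROJECT_NAME: openshift-machine-config-operator
    # Assumed from the how-to: the shared step-registry workflow that runs the scan.
    workflow: openshift-ci-security
```

Once the PR merges, the `security` job appears on every subsequent PR of the repository alongside the existing tests; its results populate the Snyk dashboard that team members are onboarded to, and the first full run is the preliminary report the last "Done When" item calls for.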
Is depended on by: MCO-999 Enable blocking SAST scans in OpenShift CI (To Do)