Building and deploying a Docker container comes with maintaining the security of the image over time.
This repository needs a way to scan the image and then alert or create an issue.
Triggers could be on PR, push to main, and/or periodically.
The risk of not doing this:
- Over time, new vulnerabilities are disclosed in the image's packages, and the deployed images can be at risk for extended periods of time without anyone knowing
Pros:
- For code that doesn't update often but is still used, it will force us to keep up with minor infra updates
Example tool to scan (don't have to use this)
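As an added example (not from this issue), one way to wire up all three triggers with a scanner and an alert step in GitHub Actions; the Dockerfile at the repo root, the image name `my-app`, the `main` branch and the weekly schedule are assumptions, and Trivy is just the scanner used here:

```yaml
# Added example, not part of this issue. Builds the image, scans it with Trivy,
# and opens a GitHub issue when a *scheduled* scan fails. On PR/push the failed
# check itself is the alert, so no issue is created there.
# Assumptions: Dockerfile at repo root, default branch "main", image name "my-app".
name: image-scan

on:
  pull_request:
  push:
    branches: [main]
  schedule:
    - cron: "0 6 * * 1"   # weekly, Monday 06:00 UTC (assumed cadence)

permissions:
  contents: read
  issues: write           # required for `gh issue create` in the alert step

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build image
        run: docker build -t my-app:${{ github.sha }} .

      - name: Install Trivy
        run: |
          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh \
            | sh -s -- -b /usr/local/bin

      - name: Scan image (fail on HIGH/CRITICAL findings that have a fix)
        run: |
          trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
            my-app:${{ github.sha }}

      - name: Open an issue when a scheduled scan finds problems
        if: failure() && github.event_name == 'schedule'
        env:
          GH_TOKEN: ${{ github.token }}   # gh CLI is preinstalled on GitHub-hosted runners
        run: |
          gh issue create \
            --title "Image scan found HIGH/CRITICAL vulnerabilities ($(date -u +%F))" \
            --body "Scheduled scan failed. See run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
```

Dropping `--ignore-unfixed` also reports vulnerabilities with no upstream fix yet, which is noisier but gives earlier visibility.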