Process for reporting issues with our images

[duglin]

I'm told that GCR will scan our images for vulnerabilities but there isn't yet a process in place for us to be notified when something of concern is detected. We need something to tell us of the issue so we can investigate/fix it.

@dlorenc @mattmoor

[jessiezcc]

This would be great value add, and we should have it for all knative related projects.

[mattmoor]

@jessiezcc We already scan gcr.io/knative-releases. The question is how we're notified of the issues, and on what channels. @nbarthwal Dan's old team had infrastructure for this, so please coordinate with him before we roll out own.

[nbarthwal]

Ok. What is Dan’s LDAP?

…

On Apr 15, 2019, at 11:23 AM, Matt Moore ***@***.***> wrote: @jessiezcc <https://github.com/jessiezcc> We already scan gcr.io/knative-releases. The question is how we're notified of the issues, and on what channels. @nbarthwal <https://github.com/nbarthwal> Dan's old team had infrastructure for this, so please coordinate with him before we roll out own. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#136>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AsL15kRSZxDgBDvXik1QpHB6MwqN-dRzks5vhMOMgaJpZM4cfFZ4>.

[mattmoor]

same as above :)

[adrcunha]

It seems that notifications are available through Pub/Sub: https://cloud.google.com/container-registry/docs/get-image-vulnerabilities

[adrcunha]

Nikhil left the team, assigning this issue to me.
/assign adrcunha
/unassign nbarthwal

[adrcunha]

Vulnerability scanning is now enabled for knative-nightly and knative-tests.

[adrcunha]

The missing part is subscribing to the pubsub topic and publishing it as e-mail. Joyce has the necessary knowledge for doing that.

/unassign adrcunha
/assign @yt3liu

[kramvan1]

@adrcunha Will the email list be open to users to get on? As a consumer of Istio, I would like to see the scan output. Maybe just use a new repo and create issues instead of email? or a repo wiki page for each scan?