[KEP-3203] Prow job to Push CVE feed to GCS bucket

config/jobs/kubernetes/sig-k8s-infra/trusted/sig-security-trusted.yaml

@@ -91,3 +91,28 @@ periodics:
     testgrid-num-failures-to-alert: '1'
     testgrid-dashboards: sig-security-snyk-scan
     description: Run snyk scan on k/k master periodically
+- name: auto-refreshing-official-cve-feed
+  interval: 2h
+  cluster: k8s-infra-prow-build-trusted
+  decorate: true
+  extra_refs:
+  - org: kubernetes
+    repo: sig-security
+    base_ref: main
+  labels:
+    preset-service-account: "true"
+  spec:
+    serviceAccountName: k8s-cve-feed
+    containers:
+    - image: python3.7
+      command:
+      - cd sig-security-tooling/cve-feed/hack/ && ./fetch-cve-feed.sh
+      env:
+      - name: CVE_GCS_PATH
+        value: "gs://k8s-cve-feed"
+  annotations:
+    testgrid-create-test-group: "true"
+    testgrid-alert-email: security-tooling-private@kubernetes.io
+    testgrid-num-failures-to-alert: '1'
+    testgrid-dashboards: sig-security-cve-feed
+    description: Auto refreshing official cve feed KEP 3203

config/testgrids/kubernetes/sig-security/config.yaml

@@ -5,9 +5,11 @@ dashboard_groups:
   dashboard_names:
   - sig-security-cvelist-public
   - sig-security-snyk-scan
+  - sig-security-cve-feed
 
 # Dashboards
 #
 dashboards:
 - name: sig-security-cvelist-public
 - name: sig-security-snyk-scan
+- name: sig-security-cve-feed