Skip to content

Automate updates and security checks for the swagger-ui docker image  #7514

New issue
New issue
Closed
Closed
Automate updates and security checks for the swagger-ui docker image #7514
Assignees
char0n
Labels
cat: dockersecurity fixSecurity fix generated by WhiteSourceversion: 3.xversion: 4.x
@char0n

Description

@char0n
char0n
opened on Sep 17, 2021

Dockerfile updates can be handled by dependabot automatically. Only minor versions bump should be allowed to automatically merge. Security checks can run in nightly builds using https://github.com/aquasecurity/trivy-action which we already use to check security issues in our docker images (now checked manually).

Dependabot example for dockerfile updates: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

cat: dockersecurity fixSecurity fix generated by WhiteSourceversion: 3.xversion: 4.x

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions