Initial thoughts and ideas #1

Open
18 of 23 tasks
ckotzbauer opened this issue Feb 2, 2022 · 1 comment
Labels
lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.

Comments

Owner

ckotzbauer commented Feb 2, 2022

Sources

  • Load SBOMs from Git-Repository (previously created from sbom-operator)
  • Cron-Trigger (like sbom-operator)
  • Webhook-Trigger (e.g. called from sbom-operator)

Targets

  • Prometheus-Metrics (⚠️ needs more specification)
  • Messaging (How to avoid sending the same messages for found CVEs on each scan?)
  • Report generation
    • READMEs
    • Web-Report served from vulnerability-operator itself or uploaded to a destination
    • JSON-Report served from vulnerability-operator itself
  • PolicyReport-CRDs (maybe there's a way to include this in Kyverno's Policy-Reporter)

Scanning

CVE-Filtering-Options

  • Only fixed
  • Severity-Threshold
  • Ignorelist

Build / Security

Deployment

  • Plain Kubernetes-YAMLs
  • Helm-Chart
  • Built-in (but optional) ServiceMonitor for Prometheus-Operator CRD

github-actions bot commented Jun 8, 2022

This issue is stale because it has been open 90 days with no activity. Remove stale label with /remove-lifecycle stale or comment or this will be closed in 5 days.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 8, 2022
@ckotzbauer ckotzbauer added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jun 8, 2022