Adding Vulnerability Scans and SBOM Creation with Trivy

Benjamin Hamm requested to merge feature/vulnerability_scan into develop

I have added vulnerability scans for images and creation of SBOMs during build using Trivy, a comprehensive vulnerability scanner. To make the implementation easier and more maintainable, I have also created a TrivyUtils class in security_utils.py which contains the necessary functions used during build.

There is also the option to filter vulnerabilities based on their severity levels, so I have included a severity filter for CRITICAL, HIGH, MEDIUM, LOW, and UNKNOWN vulnerabilities. I have set the --ignore-unfixed flag to be on by default, but I will revisit this setting as it could potentially filter out vulnerabilities in old software that may never receive updates.
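As an added illustration (not code from this merge request or its TrivyUtils class), a small Python helper in the same spirit: it assembles the `trivy image` commands for the scan and for a CycloneDX SBOM, validates the severity filter, and summarises a Trivy JSON report per severity with and without the ignore-unfixed rule, so the trade-off raised above for software that never receives a fix becomes visible. The function names, the image name and the sample report are assumptions; the Trivy flags and JSON layout are the real ones.

```python
"""Trivy helper (added example; names are assumptions, not the project's TrivyUtils)."""
import json
import subprocess
from typing import Dict, List

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")


def build_scan_cmd(image: str, severities: List[str], ignore_unfixed: bool = True,
                   output: str = "trivy-report.json") -> List[str]:
    """Assemble the `trivy image` command; flags match Trivy's CLI."""
    unknown = set(severities) - set(SEVERITIES)
    if unknown:
        raise ValueError(f"unknown severity level(s): {sorted(unknown)}")
    cmd = ["trivy", "image", "--format", "json", "--output", output,
           "--severity", ",".join(severities)]
    if ignore_unfixed:
        cmd.append("--ignore-unfixed")  # drops findings that have no FixedVersion
    cmd.append(image)
    return cmd


def build_sbom_cmd(image: str, output: str = "sbom.cdx.json") -> List[str]:
    """Emit a CycloneDX SBOM for the image via `trivy image --format cyclonedx`."""
    return ["trivy", "image", "--format", "cyclonedx", "--output", output, image]


def summarize_report(report: dict, ignore_unfixed: bool = True) -> Dict[str, int]:
    """Count findings per severity; applying ignore_unfixed here lets one compare
    what the --ignore-unfixed flag hides against an unfiltered scan."""
    counts = {s: 0 for s in SEVERITIES}
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue  # no fix published: exactly the findings the flag suppresses
            sev = vuln.get("Severity") or "UNKNOWN"
            counts[sev] = counts.get(sev, 0) + 1
    return counts


def run_scan(image: str, severities: List[str], ignore_unfixed: bool = True) -> Dict[str, int]:
    """Run Trivy (binary must be on PATH) and summarise the JSON report it writes."""
    cmd = build_scan_cmd(image, severities, ignore_unfixed)
    subprocess.run(cmd, check=True)
    with open(cmd[cmd.index("--output") + 1]) as fh:
        return summarize_report(json.load(fh), ignore_unfixed)


# Constructed sample in Trivy's JSON layout; IDs are placeholders, not real CVEs.
SAMPLE_REPORT = {"Results": [{"Target": "example:latest (alpine)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-PLACEHOLDER-1", "Severity": "CRITICAL", "FixedVersion": "1.2.3"},
    {"VulnerabilityID": "CVE-PLACEHOLDER-2", "Severity": "HIGH", "FixedVersion": ""},
    {"VulnerabilityID": "CVE-PLACEHOLDER-3", "Severity": "MEDIUM", "FixedVersion": "2.0"},
]}]}
```

Comparing `summarize_report(SAMPLE_REPORT, True)` with `summarize_report(SAMPLE_REPORT, False)` shows the unfixed HIGH finding disappearing, which is the effect the default flag has on a real scan.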
