[BUILD-959] PoC: replace CVE scans with Snyk?
Created: 22/Nov/22 | Updated: 22/Nov/22

| Status: | Open |
| Project: | Build |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Maxime Michel | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Template: | |
| Acceptance criteria: | Empty |
| Task DoR: | Empty |

Description

For quite a few weeks there's been an integration with Snyk happening. Snyk is a powerful tool to manage vulnerabilities. We mostly use it for Docker images & K8s clusters for now, but it can also be linked to repositories. We should try giving that a shot as a replacement for our custom CVE scanning.