add scan-vulnerabilities make target (grafana#10971)
**What this PR does / why we need it**:
 
Adds a make file target for running both trivy and snyk to scan our
images for vulnerabilities during/before releases.
trevorwhitney authored Oct 30, 2023
1 parent 8628b15 commit 53949dc
Showing 2 changed files with 13 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -51,3 +51,6 @@ pkg/loki/wal

# nix
nix/result

# snyk
.dccache
10 changes: 10 additions & 0 deletions Makefile
Expand Up @@ -831,5 +831,15 @@ dev-k3d-down:
$(MAKE) -C $(CURDIR)/tools/dev/k3d down

# Trivy is used to scan images for vulnerabilities
.PHONY: trivy
trivy: loki-image
trivy i $(IMAGE_PREFIX)/loki:$(IMAGE_TAG)

# Synk is also used to scan for vulnerabilities, and detects things that trivy might miss
.PHONY: snyk
snyk: loki-image
snyk container test $(IMAGE_PREFIX)/loki:$(IMAGE_TAG)
snyk code test

.PHONY: scan-vulnerabilities
scan-vulnerabilities: trivy snyk
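
Review bot: The `trivy` recipe (`trivy i $(IMAGE_PREFIX)/loki:$(IMAGE_TAG)`) passes no `--exit-code`, and trivy exits 0 by default even when it reports vulnerabilities, so `make scan-vulnerabilities` can never fail on trivy findings. If the target is meant to gate a release, set `--exit-code 1` and a `--severity` threshold there. The `snyk` recipe has the opposite problem: `snyk container test` exits non-zero when it finds issues, make stops at that line, and `snyk code test` never runs, so the code scan is skipped exactly when the image scan has findings. Splitting the two commands into separate targets, or running make with `-k`, would produce both reports. Minor: the comment above `.PHONY: snyk` spells the tool "Synk", and writing `trivy image` instead of the `i` alias would be easier to read in a Makefile.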
