image_scan Trait

If defined, OCI-Images declared as resources in the current component’s Component Descriptor are scanned using the configured scanning tools (see attributes documentation).

Note

Unless mentioned otherwise, all OCI-Layers will be scanned. This means that files that are “logically” removed by a later layer will be included in scans. In case a file is overwritten with different contents, all variants are subject to being scanned.
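The layer behaviour described in the note above, as an added example (not part of the original documentation or of the scanning tools it refers to). It assumes uncompressed layer tarballs and the OCI image-spec `.wh.` whiteout prefix; all function names and the two sample layers are constructed for illustration.

```python
import io
import tarfile

WHITEOUT = ".wh."  # OCI image-spec prefix marking a file deleted by this layer


def make_layer(files):
    """Build an uncompressed layer tarball in memory (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def layer_files(layer):
    """Return {path: content} for the regular files stored in one layer."""
    with tarfile.open(fileobj=io.BytesIO(layer), mode="r") as tar:
        return {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}


def merged_view(layers):
    """Filesystem a running container sees: later layers overwrite, whiteouts delete.
    Only plain file whiteouts are handled here (no opaque-directory markers)."""
    fs = {}
    for layer in layers:
        for name, data in layer_files(layer).items():
            dirname, _, base = name.rpartition("/")
            if base.startswith(WHITEOUT):
                prefix = dirname + "/" if dirname else ""
                fs.pop(prefix + base[len(WHITEOUT):], None)
            else:
                fs[name] = data
    return fs


def per_layer_view(layers):
    """What an all-layers scan covers: every stored variant, tagged with its layer index."""
    return [(idx, name, data)
            for idx, layer in enumerate(layers)
            for name, data in layer_files(layer).items()
            if not name.rpartition("/")[2].startswith(WHITEOUT)]


# Constructed sample: layer 1 overwrites the config and "removes" the key file.
LAYERS = [
    make_layer({"app/config.ini": b"debug=true", "app/id_rsa": b"CONSTRUCTED-KEY"}),
    make_layer({"app/config.ini": b"debug=false", "app/.wh.id_rsa": b""}),
]
```

The merged view contains only the final `app/config.ini`, while the per-layer view still holds the removed key file and both config variants, which is why findings can refer to files that are absent from the running container.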

Attributes

| name | required? | default | type | explanation |
| --- | --- | --- | --- | --- |
| notify | no | email_recipients | Notify | whom to notify about found issues |
| issue_policies | no | max_processing_time_days: {blocker: 0, high: 30, low: 120, medium: 90, very_high_or_greater: 30} | IssuePolicies | defines issue policies (e.g. SLAs for maximum processing times) |
| overwrite_github_issues_tgt_repository_url | no | None | str | if set, and notify is set to github_issues, overwrite target github repository |
| github_issue_templates | no | None | List[GithubIssueTemplateCfg] | use to configure custom github-issue-templates (sub-attr: body); use python3’s format-str syntax. Available variables: summary (contains name, version, etc. in a table), component_name, component_version, resource_name, resource_version, resource_type, greatest_cve, report_url, delivery_dashboard_url |
| github_issue_labels_to_preserve | no | None | List[str] | optional list of regexes for labels that will never be removed upon ticket-update |
| email_recipients | no | [] | List[str] | optional list of email recipients to be notified about critical scan results |
| os_id | no | None | OsIdScan | if present, identify operating system |
| trait_depends | no | () | List[str] | if present, generated build steps depend on those generated from specified traits |

notify Enumeration Values

  • email_recipients

  • nobody

  • component_owners

  • github_issues

issue_policies (IssuePolicies) Attributes

| name | required? | default | type | explanation |
| --- | --- | --- | --- | --- |
| max_processing_time_days | no | blocker: 0, high: 30, low: 120, medium: 90, very_high_or_greater: 30 | MaxProcessingTimesDays | |

issue_policies.max_processing_time_days (MaxProcessingTimesDays) Attributes

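| name | required? | default | type | explanation |
| --- | --- | --- | --- | --- |
| blocker | no | 0 | int | |
| very_high_or_greater | no | 30 | int | |
| high | no | 30 | int | |
| medium | no | 90 | int | |
| low | no | 120 | int | |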

github_issue_templates[] (GithubIssueTemplateCfg) Attributes

| name | required? | default | type | explanation |
| --- | --- | --- | --- | --- |
| body | yes | None | str | |
| type | yes | None | str | |

os_id (OsIdScan) Attributes

| name | required? | default | type | explanation |
| --- | --- | --- | --- | --- |
| parallel_jobs | no | 8 | int | amount of parallel jobs to run |
| timeout | no | 2h | str | go-style time interval (e.g.: ‘1h30m’) after which the image-scan-step will be interrupted and fail. |

Dependencies

This trait requires the following traits to be declared: