image_scan Trait
If defined, OCI-Images declared as resources in the current component’s Component Descriptor are scanned using the configured scanning tools (see attributes documentation).
Note
Unless mentioned otherwise, all OCI-Layers will be scanned. This means that files that are “logically” removed by a later layer will be included in scans. In case a file is overwritten with different contents, all variants are subject to being scanned.
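The difference between a layer-wise scan and the merged container filesystem, as an added example (not part of the original documentation or the project's code): it builds a constructed two-layer image in memory and lists what each view contains. The `.wh.` whiteout prefix comes from the OCI image layer specification; all function names and sample files are illustrative assumptions.

```python
import io
import tarfile

WHITEOUT = ".wh."  # whiteout marker prefix from the OCI image layer spec

def make_layer(files):
    """Build an uncompressed layer tarball in memory from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def layer_files(layer):
    """Return {path: bytes} for the regular files stored in one layer."""
    with tarfile.open(fileobj=io.BytesIO(layer)) as tar:
        return {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}

def is_whiteout(path):
    return path.rsplit("/", 1)[-1].startswith(WHITEOUT)

def per_layer_view(layers):
    """Every (layer index, path, content) variant, as a layer-wise scan sees it."""
    return [(i, p, d) for i, layer in enumerate(layers)
            for p, d in layer_files(layer).items() if not is_whiteout(p)]

def merged_view(layers):
    """Filesystem after applying layers in order (opaque whiteouts not handled)."""
    fs = {}
    for layer in layers:
        files = layer_files(layer)
        for path in filter(is_whiteout, files):
            head, _, name = path.rpartition("/")
            gone = (head + "/" if head else "") + name[len(WHITEOUT):]
            fs = {p: d for p, d in fs.items() if p != gone and not p.startswith(gone + "/")}
        fs.update({p: d for p, d in files.items() if not is_whiteout(p)})
    return fs

# Constructed sample image: layer 1 deletes a library and rewrites a config file.
LAYERS = [
    make_layer({"app/lib/libfoo.so": b"libfoo 1.0", "etc/app.conf": b"debug=true"}),
    make_layer({"app/lib/.wh.libfoo.so": b"", "etc/app.conf": b"debug=false"}),
]

if __name__ == "__main__":
    print("scanned:", [(i, p) for i, p, _ in per_layer_view(LAYERS)])
    print("merged: ", sorted(merged_view(LAYERS)))
```

A finding reported against `app/lib/libfoo.so` is therefore expected even though the file is absent from the running container; removing it from the scan results requires rebuilding the image so that the earlier layer no longer contains it.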
Attributes
name | required? | default | type | explanation |
---|---|---|---|---|
notify | no | | Notify | whom to notify about found issues |
issue_policies | no | max_processing_time_days: {blocker: 0, high: 30, low: 120, medium: 90, very_high_or_greater: 30} | IssuePolicies | defines issue policies (e.g. SLAs for maximum processing times) |
overwrite_github_issues_tgt_repository_url | no | None | str | if set, and notify is set to github_issues, overwrite target github repository |
github_issue_templates | no | None | List[GithubIssueTemplateCfg] | use to configure custom github-issue-templates (sub-attr: - summary # contains name, version, etc in a table - component_name - component_version - resource_name - resource_version - resource_type - greatest_cve - report_url - delivery_dashboard_url |
github_issue_labels_to_preserve | no | None | List[str] | optional list of regexes for labels that will never be removed upon ticket-update |
email_recipients | no | [] | List[str] | optional list of email recipients to be notified about critical scan results |
os_id | no | None | OsIdScan | if present, identify operating system |
trait_depends | no | () | List[str] | if present, generated build steps depend on those generated from specified traits |
notify Enumeration Values
email_recipients
nobody
component_owners
github_issues
issue_policies (IssuePolicies) Attributes
name | required? | default | type | explanation |
---|---|---|---|---|
max_processing_time_days | no | {blocker: 0, high: 30, low: 120, medium: 90, very_high_or_greater: 30} | MaxProcessingTimesDays | |
issue_policies.max_processing_time_days (MaxProcessingTimesDays) Attributes
name | required? | default | type | explanation |
---|---|---|---|---|
blocker | no | 0 | int | |
very_high_or_greater | no | 30 | int | |
high | no | 30 | int | |
medium | no | 90 | int | |
low | no | 120 | int | |
github_issue_templates[] (GithubIssueTemplateCfg) Attributes
name | required? | default | type | explanation |
---|---|---|---|---|
body | yes | None | str | |
type | yes | None | str | |
os_id (OsIdScan) Attributes
name | required? | default | type | explanation |
---|---|---|---|---|
parallel_jobs | no | 8 | int | amount of parallel jobs to run |
timeout | no | 2h | str | go-style time interval (e.g.: ‘1h30m’) after which the image-scan-step will be interrupted and fail. |
Dependencies
This trait requires the following traits to be declared: