Identify unique findings across multiple catalogs, check which findings are applicable to code that is natively written in Nephio, and target those first.
@Byung-Woo Jun - Jessica Gonzalez (@Jessica Gonzalez) initiated/tested the checkov-based IaC scanning against the ONAP CPS project. Now she is looking for baselines/policies/best practices for how to digest the scanning outcome. See the first test result: https://github.com/onap/cps/actions/runs/11040721512/job/30669364326
@Rahul provided a set of requirements for Nephio IaC scanning:
[P0] Scan k8s manifests, terraform, dockerfiles for findings
[P0] Should be able to create a baseline and ignore findings in the base-charts (prerequisites)
[P1] Should be possible to find unique findings across multiple files
[P0] Should be possible to periodically report the findings to the SIG-Automation
[P0] Fail the PR if the changes cause a deviation from the baseline
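As an added illustration of how the baseline, unique-finding and fail-the-PR requirements above fit together (example code written for these notes, not Nephio, ONAP or checkov project code): checkov can emit JSON (`-o json`) and record accepted findings with `--create-baseline` / compare against them with `--baseline <file>`; the script below digests that output. The report and baseline documents are constructed samples that follow the field layout I have seen checkov produce (`check_id`, `file_path`, `resource` per failed check; `file` / `findings` / `check_ids` in `.checkov.baseline`), which is an assumption to verify against the checkov version in use.

```python
"""Digest checkov JSON output: deduplicate findings across files and
diff them against a baseline.  Added example, not project code."""
import json
from collections import defaultdict

# Constructed sample of `checkov -d . --framework kubernetes dockerfile -o json`
# output: a list of per-framework reports, trimmed to the fields used here.
# Field names assume checkov's JSON layout; confirm against your version.
SAMPLE_REPORT = json.dumps([
    {"check_type": "kubernetes",
     "results": {"failed_checks": [
         {"check_id": "CKV_K8S_8", "file_path": "/charts/base/deploy.yaml",
          "resource": "Deployment.default.web"},
         {"check_id": "CKV_K8S_8", "file_path": "/manifests/api.yaml",
          "resource": "Deployment.default.api"},
         {"check_id": "CKV_K8S_23", "file_path": "/manifests/api.yaml",
          "resource": "Deployment.default.api"},
     ]}},
    {"check_type": "dockerfile",
     "results": {"failed_checks": [
         {"check_id": "CKV_DOCKER_2", "file_path": "/Dockerfile",
          "resource": "/Dockerfile."},
     ]}},
])

# Constructed baseline in the shape `checkov --create-baseline` writes to
# .checkov.baseline: only the base-chart finding has been accepted.
SAMPLE_BASELINE = json.dumps({"failed_checks": [
    {"file": "/charts/base/deploy.yaml",
     "findings": [{"resource": "Deployment.default.web",
                   "check_ids": ["CKV_K8S_8"]}]},
]})


def load_failed_checks(report_json):
    """Flatten one report or a list of reports into
    (check_id, file_path, resource) tuples."""
    data = json.loads(report_json)
    reports = data if isinstance(data, list) else [data]
    out = []
    for rep in reports:
        for fc in rep.get("results", {}).get("failed_checks", []):
            out.append((fc["check_id"], fc["file_path"], fc["resource"]))
    return out


def unique_findings(failed):
    """Group by check_id so one policy violated in many files counts once;
    each value is the sorted list of 'file:resource' locations."""
    groups = defaultdict(set)
    for check_id, path, res in failed:
        groups[check_id].add(f"{path}:{res}")
    return {cid: sorted(locs) for cid, locs in groups.items()}


def load_baseline(baseline_json):
    """Expand the baseline into the same (check_id, file, resource) tuples."""
    base = set()
    for entry in json.loads(baseline_json).get("failed_checks", []):
        for f in entry.get("findings", []):
            for cid in f.get("check_ids", []):
                base.add((cid, entry["file"], f["resource"]))
    return base


def new_findings(failed, baseline):
    """Deviation from the baseline = failed checks not recorded in it."""
    return sorted(set(failed) - baseline)


def should_fail_pr(report_json, baseline_json, ignore_prefixes=()):
    """Return (fail, deviations).  Findings under ignore_prefixes (e.g.
    vendored base charts) are dropped before the comparison, so they can
    never fail the PR even if they are not in the baseline."""
    failed = [f for f in load_failed_checks(report_json)
              if not f[1].startswith(tuple(ignore_prefixes))]
    deviations = new_findings(failed, load_baseline(baseline_json))
    return bool(deviations), deviations


if __name__ == "__main__":
    for cid, locs in sorted(unique_findings(load_failed_checks(SAMPLE_REPORT)).items()):
        print(f"{cid}: {len(locs)} location(s)")
    fail, deviations = should_fail_pr(SAMPLE_REPORT, SAMPLE_BASELINE)
    for cid, path, res in deviations:
        print(f"NEW {cid} {path} {res}")
    raise SystemExit(1 if fail else 0)
```

In a pipeline the report would come from the real scan (`checkov -d . -o json > report.json`) and the baseline from a committed `.checkov.baseline`; the non-zero exit on deviations is what makes the PR check fail, while the periodic SIG report can be built from the `unique_findings` summary rather than the raw per-file list.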
@ved ratan, please share your insight. I plan to discuss the best practices with ONAP SECCOM and will share its outcome.