https://romanoroth.com/en/tags/docker/Recent content in Docker on Romano RothHugo -- gohugo.ioenRomano RothThu, 09 Feb 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-container-scanning/Thu, 09 Feb 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-container-scanning/<p>We have built up the GitHub Actions pipeline through five sessions: the project basics, software composition analysis, license compliance, and static application security testing. The next layer is container scanning — looking for vulnerabilities inside the Docker image we ship, not just in the source we wrote. In Part 6 of our series, Patrick Steger and I split the work into two GitHub Actions sub-workflows: one builds the image and pushes it to the registry, the other pulls it back and runs Trivy on it.</p>https://romanoroth.com/en/blogs/gitlab-devsecops-container-scanning/Tue, 06 Sep 2022 00:00:00 +0000https://romanoroth.com/en/blogs/gitlab-devsecops-container-scanning/<p>We have already wired SAST, secret detection, and software composition analysis into the GitLab pipeline. Those checks cover the source code and its dependencies — but the artifact we actually ship is a container image. Operating system packages, the base image, and everything copied in along the way can carry vulnerabilities of their own. In Part 6 of our series, Patrick Steger and I add container scanning to the pipeline, build a Docker image from the jar we compiled earlier, and push it through Trivy and Grype.</p>