Skip to content

Initial github actions for automated build & security scans #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Initial github actions for automated build & security scans #4

wants to merge 2 commits into from

Conversation

byron-marohn
Copy link
Contributor

@byron-marohn byron-marohn commented Jun 12, 2025
edited
Loading

Initial github actions for automated build & security scans

device-plugins:

  • Improve build.sh to take proper --ver, --repo, and --push arguments
  • Add a workflow which runs build.sh, Trivy which scans
    both the source code and resulting docker image for vulnerable
    dependencies, and ClamAV to scan for malware.
  • Add a workflow to scan for static analysis problems with Coverity.
    Requires COVERITY_TOKEN secret to be present in the repository.

qemu:

  • Add a workflow which builds the patched QEMU, based on
    kubevirt-patch/README.md. Also enable Trivy & ClamAV scans.

This does not yet build or scan the full kubevirt environment.

smitesh-sutaria pushed a commit that referenced this pull request Jun 13, 2025
@dmkarthi
Merge pull request #4 from byron-marohn/readme-fixes-2025-05-07
3443bf4 
Slight README & partition_image.sh improvements
smitesh-sutaria added a commit that referenced this pull request Jun 14, 2025
@smitesh-sutaria
Merge pull request #4 from intel-innersource/custom-pack-build-steps
b3698d3 
[ITEP-67433]: Adding custom package identified build steps
@byron-marohn byron-marohn force-pushed the initial_githubactions branch 2 times, most recently from c075a54 to 70481c0 Compare June 17, 2025 22:51
@byron-marohn
Initial github actions for automated build & security scans
d158e8d 
device-plugins:
- Improve build.sh to take proper --ver, --repo, and --push arguments
- Add a workflow which runs build.sh, Trivy which scans
  both the source code and resulting docker image for vulnerable
  dependencies, and ClamAV to scan for malware.
- Add a workflow to scan for static analysis problems with Coverity.
  Requires COVERITY_TOKEN secret to be present in the repository.

qemu:
- Add a workflow which builds the patched QEMU, based on
  kubevirt-patch/README.md. Also enable Trivy & ClamAV scans.

This does not yet build or scan the full kubevirt environment.

Signed-off-by: Byron Marohn <byron.marohn@intel.com>
@byron-marohn byron-marohn force-pushed the initial_githubactions branch from 70481c0 to d158e8d Compare June 17, 2025 23:07
@byron-marohn byron-marohn mentioned this pull request Jun 18, 2025
Closed
@byron-marohn
Specify branches for actions
098cb75 
Signed-off-by: Byron Marohn <byron.marohn@intel.com>
@byron-marohn
Copy link
Contributor Author

Closing this in favor of #10, which is this exact same workflow on a branch in this repo, rather than submitted via a fork.

dmkarthi pushed a commit to dmkarthi/edge-desktop-virtualization that referenced this pull request Jun 20, 2025
@harishb93
Merge pull request open-edge-platform#4 from intel-innersource/use_lo…
1a84254 
…calhost

Update to use localhost:5000 instead of amr registry
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@byron-marohn