Vulnerability Periodic Scans and Processes
Create a process where the team can pro-actively catch vulnerabilities such that no surprises come when a build is needed. A periodic job that would run nightly to scan the containers.
Include all the containers that are used in the OSDU system - airflow, java, python under the same process. Create templates in CI-CD project such that the pipelines can be re-used.
Send email notification to a email group in case of pipeline errors such that team is alerted on the new vulnerability that is detected.
Make sure the build fails if there are any vulnerabilities are detected.
Create a distribution list for pipeline failure notifications.
Create re-usable pipeline that periodically scans build images. (nightly?)
Send email to the above DL only in case of failures.
Make sure the build fails if vulnerabilities are detected.
Include all the containers that are used in the OSDU system - airflow, java, python, terraform under the same process.