
Scan Images for CVEs Prior to Pushing to an Image Repository in a CI/CD Pipeline Using Tekton and Buildah

Buildah | Open Container Initiative (OCI)| Trivy | Storage Drivers | CI/CD | Tekton | OpenShift Pipelines | Kubernetes | Vulnerabilities

Kevin Summersill · Published in Geek Culture · 6 min read · Sep 9, 2021


There is a lot of power in the Open Container Initiative (OCI). The OCI governs two specifications, the Runtime Specification and the Image Specification, and this article references the Image Specification by example. An OCI image is made up of three main parts: (1) the image manifest, (2) the filesystem layers, each serialized as a tar archive (usually compressed) and addressed by its content digest, and (3) the image configuration. You do not need to know every detail of this format, but it is a good reference for understanding how the Trivy scanner works: Trivy unpacks those layers, inspects the OS package database and application dependency files it finds in them, and matches the results against its vulnerability databases. So let's begin.

This article uses a Tekton Task for the CI/CD portion. Buildah, an open-source tool sponsored by Red Hat, is used to build the image from our Dockerfile; it produces OCI images and needs no daemon, which is why it fits inside a CI pod. It is recommended to understand and review Tekton before starting this article. Tekton is a cloud-native Continuous Integration/Continuous Deployment framework for Kubernetes, originally created by Google and now hosted by the Continuous Delivery Foundation. To learn more, see the Tekton documentation. OK, let's create our task.

Step 1. Create the Task for Building, Scanning, and…
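As an added, illustrative example (not the article's own Task), here is a Tekton Task that wires the three stages together: Buildah builds the Dockerfile and exports the result as an OCI archive, Trivy scans that archive and fails the step when it finds vulnerabilities at or above the chosen severity, and only then does Buildah push to the registry. The image references, parameter names, workspace name and the `vfs` storage-driver default are assumptions for this example; pin the Buildah and Trivy image tags to versions you have tested.

```yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-scan-push          # example name, not from the article
spec:
  description: >-
    Build an image with Buildah, scan it with Trivy, and push it to the
    registry only if the scan finds nothing at or above the SEVERITY threshold.
  params:
    - name: IMAGE
      description: Fully qualified reference to push, e.g. quay.io/example/app:1.0 (placeholder)
    - name: DOCKERFILE
      default: ./Dockerfile
    - name: CONTEXT
      default: .
    - name: STORAGE_DRIVER
      description: Buildah storage driver; vfs avoids needing overlay support inside the pod
      default: vfs
    - name: SEVERITY
      description: Comma-separated Trivy severities that fail the scan
      default: HIGH,CRITICAL
    - name: TLSVERIFY
      default: "true"
  workspaces:
    - name: source
      description: Git checkout containing the Dockerfile and build context
  volumes:
    # Shared between the two buildah steps so "push" sees the image built in "build".
    - name: varlibcontainers
      emptyDir: {}
  steps:
    - name: build
      image: quay.io/buildah/stable      # pin a tag in real use
      workingDir: $(workspaces.source.path)
      securityContext:
        privileged: true                 # adjust to your cluster's policy for buildah
      volumeMounts:
        - name: varlibcontainers
          mountPath: /var/lib/containers
      script: |
        #!/usr/bin/env bash
        set -euo pipefail
        buildah --storage-driver=$(params.STORAGE_DRIVER) bud \
          --tls-verify=$(params.TLSVERIFY) --no-cache \
          -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT)
        # Export the built image as an OCI archive so the scanner can read it
        # without registry access and without sharing buildah's storage.
        buildah --storage-driver=$(params.STORAGE_DRIVER) push $(params.IMAGE) \
          oci-archive:$(workspaces.source.path)/image.tar
    - name: scan
      image: docker.io/aquasec/trivy     # pin a tag in real use
      workingDir: $(workspaces.source.path)
      script: |
        #!/bin/sh
        set -e
        # --exit-code 1 makes Trivy return non-zero on findings, which fails this
        # step and stops the Task before the "push" step ever runs.
        trivy image --input image.tar \
          --severity $(params.SEVERITY) \
          --ignore-unfixed \
          --exit-code 1
    - name: push
      image: quay.io/buildah/stable
      securityContext:
        privileged: true
      volumeMounts:
        - name: varlibcontainers
          mountPath: /var/lib/containers
      script: |
        #!/usr/bin/env bash
        set -euo pipefail
        buildah --storage-driver=$(params.STORAGE_DRIVER) push \
          --tls-verify=$(params.TLSVERIFY) $(params.IMAGE) docker://$(params.IMAGE)
```

The gate is the `scan` step's exit status: Tekton runs steps in order and aborts the Task on the first non-zero exit, so the push step is simply never reached when Trivy reports findings. `--ignore-unfixed` keeps the pipeline from blocking on CVEs that the base image's distribution has not yet patched; remove it if your policy is stricter. The push step still needs registry credentials, for example a docker config secret linked to the pipeline's ServiceAccount, which this example does not include.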

Kevin Summersill (Geek Culture): Enterprise Solution Architect | Certified K8s Administrator/Developer | SAFe SPC | Certified Terraform | AWS Solutions Architect | Dev*Ops/GitOps Engineer