Skip to content
This repository was archived by the owner on Feb 9, 2026. It is now read-only.

feat: Initial content for OCI to create the cve-checker image based on trivy#1

Open
adrianriobo wants to merge 1 commit into
aipcc-cicd:mainfrom
adrianriobo:initial
Open

feat: Initial content for OCI to create the cve-checker image based on trivy#1
adrianriobo wants to merge 1 commit into
aipcc-cicd:mainfrom
adrianriobo:initial

Conversation

@adrianriobo

@adrianriobo adrianriobo commented Sep 15, 2025

Copy link
Copy Markdown
Contributor

This PR includes an initial commit to create an OCI image based on Trivy which is able to compare 2 images (base and target) in order to generate 2 files:

  • fixed file with a list of CVEs fixed on target image
  • new file with a list of new CVEs on the target image

…n trivy

Signed-off-by: Adrian Riobo <ariobolo@redhat.com>
Comment thread oci/entrypoint.sh
skopeo copy --insecure-policy "docker://${TARGET_IMAGE}" "oci:${TARGET_IMAGE_PATH}:latest"
# Analyze
mkdir /compare
pushd /compare

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

any reason not to simply use cd here ? I don't understand why we use pushd, maybe a code style thing but I would make it obvious with cd

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nop I just get use to it, as it is easy for going back when you jump to diff paths (pushd / popd)

Comment thread oci/entrypoint.sh
fi

if [[ -n "${AUTH_USER:-}" && -n "${AUTH_PASS:-}" && -n "${AUTH_REG:-}" ]]; then
echo "$AUTH_PASS" | skopeo login --username "$AUTH_USER" --password-stdin "$AUTH_REG"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick

Suggested change
echo "$AUTH_PASS" | skopeo login --username "$AUTH_USER" --password-stdin "$AUTH_REG"
skopeo login --username "$AUTH_USER" --password-stdin "$AUTH_REG" <<< "$AUTH_PASS"

Comment thread oci/entrypoint.sh
# Get Images
BASE_IMAGE_PATH=/base
TARGET_IMAGE_PATH=/target
skopeo copy --insecure-policy "docker://${BASE_IMAGE}" "oci:${BASE_IMAGE_PATH}:latest"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what do we need this for ? --insecure-policy

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants