Skip to content

feat: daily vuln scanner #221

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Oct 30, 2025
Merged

feat: daily vuln scanner #221

merged 7 commits into from
Oct 30, 2025

Conversation

@mchmarny
Copy link
Member

@mchmarny mchmarny commented Oct 30, 2025

Summary

Scan repo for vulnerabilities across the OS, Libs, and License/config misconfigurations

Type of Change

  • πŸ› Bug fix
  • ✨ New feature
  • πŸ’₯ Breaking change
  • πŸ“š Documentation
  • πŸ”§ Refactoring
  • πŸ”¨ Build/CI

Component(s) Affected

  • Health Monitors
  • Core Services
  • Fault Management
  • Documentation/CI
  • Other: ____________

Testing

  • Tests pass locally
  • Manual testing completed
  • No breaking changes (or documented)

Checklist

  • Self-review completed
  • Documentation updated (if needed)
  • Ready for review

Copilot AI review requested due to automatic review settings October 30, 2025 18:21
Copilot AI reviewed Oct 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces automated vulnerability scanning to the repository using Trivy, scheduled to run daily at 7:30 AM UTC. The workflow scans the filesystem for vulnerabilities in OS packages and libraries, as well as secrets and misconfigurations, reporting HIGH and CRITICAL severity issues to GitHub Security.

  • Adds a GitHub Actions workflow for daily vulnerability scanning
  • Configures Trivy to scan for vulnerabilities, secrets, and misconfigurations
  • Sets up SARIF report upload to GitHub Security Events

πŸ’‘ Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-advanced-security
Copy link

github-advanced-security bot commented Oct 30, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

Copilot AI review requested due to automatic review settings October 30, 2025 18:26
Copilot AI reviewed Oct 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

πŸ’‘ Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI review requested due to automatic review settings October 30, 2025 18:36
Copilot AI reviewed Oct 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

πŸ’‘ Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI review requested due to automatic review settings October 30, 2025 18:46
Copilot AI reviewed Oct 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

πŸ’‘ Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@mchmarny mchmarny enabled auto-merge (squash) October 30, 2025 18:58
@mchmarny mchmarny merged commit f2c34d7 into NVIDIA:main Oct 30, 2025
34 checks passed
@mchmarny mchmarny deleted the feat/vuln-scan branch October 30, 2025 19:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lalitadithya lalitadithya lalitadithya approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mchmarny @lalitadithya