JohnHalleyGotway
Collaborator

@JohnHalleyGotway JohnHalleyGotway commented Jul 14, 2025

Expected Differences

  • Do these changes introduce new tools, command line arguments, or configuration file options? [No]

    If yes, please describe:

  • Do these changes modify the structure of existing or add new output data types (e.g. statistic line types or NetCDF variables)? [No]

    If yes, please describe:

Pull Request Testing

  • Describe testing already performed for these changes:

    Used workflow dispatch in this release-docker-images.yml run for this feature_3198_develop_scan_for_CVEs branch to build the dtcenter/met:12.0.2 image and confirmed that the steps now include the CVE scanning output, like this:
[Image: Screenshot 2025-07-14 at 2 57 13 PM]

I downloaded the log artifact and confirmed it now contains the CVE scan output.

Archive:  /Users/johnhg/Downloads/logs_v12.0.2.zip
  inflating: CVE_Scan_dtcenter_met_12.0.2.log 
  • Recommend testing for the reviewer(s) to perform, including the location of input datasets, and any additional instructions:

    Review GHA updates and inspect the CVE scan output.

  • Do these changes include sufficient documentation updates, ensuring that no errors or warnings exist in the build of the documentation? [No]
    I made no updates to the MET documentation.

  • Do these changes include sufficient testing updates? [No]
    None needed.

  • Will this PR result in changes to the MET test suite? [No]

    If yes, describe the new output and/or changes to the existing output:

  • Will this PR result in changes to existing METplus Use Cases? [No]

    If yes, create a new Update Truth METplus issue to describe them.

  • Do these changes introduce new SonarQube findings? [No]

    If yes, please describe:

  • Please complete this pull request review by [Fri July 18, 2025].

Pull Request Checklist

See the METplus Workflow for details.

  • Review the source issue metadata (required labels, projects, and milestone).
  • Complete the PR definition above.
  • Ensure the PR title matches the feature or bugfix branch name.
  • Define the PR metadata, as permissions allow.
    Select: Reviewer(s) and Development issue
    Select: Milestone as the version that will include these changes
    Select: METplus-X.Y Support project for bugfix releases or MET-X.Y Development project for the next coordinated release
  • After submitting the PR, select the ⚙️ icon in the Development section of the right hand sidebar. Search for the issue that this PR will close and select it, if it is not already selected.
  • After the PR is approved, merge your changes. If permissions do not allow this, request that the reviewer do the merge.
  • Close the linked issue and delete your feature or bugfix branch from GitHub.

@JohnHalleyGotway JohnHalleyGotway added this to the MET-12.1.0 milestone Jul 14, 2025
@github-project-automation github-project-automation bot moved this to 🩺 Needs Triage in METplus-6.1 Development Jul 14, 2025
@JohnHalleyGotway JohnHalleyGotway linked an issue Jul 14, 2025 that may be closed by this pull request
21 tasks
@JohnHalleyGotway JohnHalleyGotway moved this from 🩺 Needs Triage to 🔎 In review in METplus-6.1 Development Jul 14, 2025
Collaborator

@jprestop jprestop left a comment

These changes are great, @JohnHalleyGotway! Thank you for all of your time and effort. I reviewed the GHA updates, noting the added warning message, and inspected the CVE scan output log file, CVE_Scan_dtcenter_met_12.0.2.log, which was as expected. I approve this request.

@JohnHalleyGotway JohnHalleyGotway merged commit 7defc18 into develop Jul 15, 2025
40 checks passed
@github-project-automation github-project-automation bot moved this from 🔎 In review to 🏁 Done in METplus-6.2 Development Jul 15, 2025
Development

Successfully merging this pull request may close these issues.

Add CVE scanning to the release-docker-images.yml workflow
2 participants