
Conversation

@vaibhavbhalla2505
Contributor

Description

add Trivy scan instead of Snyk

Fixes # (issue)

GH-267

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Intermediate change (work in progress)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • Test A
  • Test B

Checklist:

  • Performed a self-review of my own code
  • npm test passes on your machine
  • New tests added or existing tests modified to cover all changes
  • Code conforms with the style guide
  • API Documentation in code was updated
  • Any dependent changes have been merged and published in downstream modules

@vaibhavbhalla2505 vaibhavbhalla2505 self-assigned this Sep 11, 2025
@vaibhavbhalla2505 vaibhavbhalla2505 linked an issue Sep 11, 2025 that may be closed by this pull request
@vaibhavbhalla2505 vaibhavbhalla2505 force-pushed the GH-267 branch 2 times, most recently from 2bb0d60 to d49426e on September 15, 2025 07:52
add Trivy scan instead of Snyk

GH-267

@stale

stale bot commented Nov 14, 2025

This pull request has been marked stale because it has not seen any activity within two months. It will be closed within 15 days of being stale unless there is new activity.

@stale stale bot added the stale label Nov 14, 2025
@stale

stale bot commented Nov 29, 2025

This pull request has been closed due to continued inactivity. If you are interested in finishing the proposed changes, then feel free to re-open this pull request or open a new one.

@stale stale bot closed this Nov 29, 2025
@sonarqubecloud

SonarQube reviewer guide

Summary: Replaces Snyk security scanning with Trivy, updates dependencies, and bumps version to 13.0.0

Review Focus:

  • The new Trivy workflow configuration and security policy (trivy.yml) for appropriate vulnerability thresholds
  • Dependency updates across Loopback packages and core libraries like axios, debug, and mocha for breaking changes
  • Semver override in passport-apple vendor package ensuring consistent version usage

Start review at: .github/workflows/trivy.yaml. This introduces the new security scanning tool that will gate PRs, so verifying the configuration (scan types, exit codes, severity levels) is critical before merging.


Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud
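The reviewer guide above asks for the scan type, exit code and severity threshold of the new workflow to be checked before it is allowed to gate PRs. The following is an added example of what such a gating Trivy workflow looks like; it is not the `.github/workflows/trivy.yaml` from this PR. The workflow name, trigger branches, job names, the action version (`@master` here, which should be pinned to a release tag or commit SHA) and the SARIF output path are assumptions; the `aquasecurity/trivy-action` inputs used (`scan-type`, `scan-ref`, `scanners`, `severity`, `ignore-unfixed`, `exit-code`, `format`, `output`) are the action's documented inputs.

```yaml
# Added example, not the project's own trivy.yaml.
# Two Trivy steps: one that gates the PR (non-zero exit on HIGH/CRITICAL
# fixable findings) and one that only reports (exit code 0, SARIF upload).
name: trivy

on:
  pull_request:
  push:
    branches: [main]          # assumed default branch

permissions:
  contents: read

jobs:
  trivy-fs:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write  # needed only by the SARIF upload step
    steps:
      - uses: actions/checkout@v4

      # Gating scan. scan-type "fs" scans the checked-out tree, i.e. the
      # lockfiles (package-lock.json / yarn.lock), which is what replaces a
      # Snyk dependency test. exit-code "1" is the setting that actually
      # blocks the PR: with the default exit-code "0" the step only prints
      # a table and the workflow stays green regardless of findings.
      - name: Trivy filesystem scan (gating)
        uses: aquasecurity/trivy-action@master   # assumption: pin to a tag/SHA in practice
        with:
          scan-type: fs
          scan-ref: .
          scanners: vuln
          severity: CRITICAL,HIGH
          ignore-unfixed: true     # fail only on findings that have a fixed version
          exit-code: '1'
          format: table

      # Reporting scan. Same tree, all severities, unfixed findings included,
      # but exit-code "0" so it never blocks; results go to code scanning.
      - name: Trivy filesystem scan (report only)
        if: always()
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          scan-ref: .
          scanners: vuln
          severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
          ignore-unfixed: false
          exit-code: '0'
          format: sarif
          output: trivy-results.sarif   # assumed output path

      - name: Upload Trivy results to GitHub code scanning
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif
```

Two checks worth making when reviewing a real workflow of this shape: first, that the gating step really sets `exit-code` to `1` (a quoted string, since the action passes it through to the CLI), because a scan that cannot fail is not a gate; second, that `ignore-unfixed: true` is a deliberate choice, since it silences every finding for which no patched version exists, which is why the example keeps a separate non-gating step that reports everything. Trivy's `fs` scan resolves npm dependencies from the lockfile, so a repository without a committed `package-lock.json` or `yarn.lock` will report far fewer findings than expected.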

Linked issue that merging this pull request may close: add trivy scan (GH-267)