
Use alpine as base image

Nick Ilieskou requested to merge nightly_build into main

What does this MR do?

  • We use the alpine image as a base image. Then we install trivy on top of that image.
  • We extract the Trivy version to install into a file. This will enable us to easily update the trivy version.
  • Created a script used to download and install trivy. We download the correct zip file depending on the architecture.
  • Updated build-docker-image.sh in order to pass the architecture as an argument during the build process.

Why are we doing this?

We want to update the base image daily. The trivy image currently used extends the alpine image. We rely on trivy itself to fix vulnerabilities of the base image. In order to support quick vulnerability fixes in the base image, we use alpine as a base instead of the trivy image. This way we can rebuild the image daily and get the latest version of the base.

What are the relevant issue numbers?

Implement nightly build policy for Trivy K8s Wr... (gitlab-org/gitlab#444470 - closed)

Edited by Nick Ilieskou
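
A sketch of the kind of install script the description outlines, added here as an example and not taken from this merge request: it reads a pinned version from a file, picks the release archive for the build architecture, and checks its SHA-256 before unpacking. The function names, the `/tmp` paths, and the GitHub release asset and checksum file naming are assumptions.

```sh
#!/bin/sh
# Added example (not the MR's script). Names and paths are hypothetical.

# Map a Docker/uname architecture to the suffix assumed in Trivy release
# asset names. Unknown architectures fail closed.
trivy_asset_arch() {
  case "$1" in
    amd64|x86_64)  echo "Linux-64bit" ;;
    arm64|aarch64) echo "Linux-ARM64" ;;
    *) echo "unsupported architecture: $1" >&2; return 1 ;;
  esac
}

# Read the pinned version (first line, optional leading "v") and reject
# anything other than digits and dots before it reaches a URL or path.
read_trivy_version() {
  version=$(head -n 1 "$1" | tr -d '[:space:]')
  version=${version#v}
  case "$version" in
    ''|*[!0-9.]*) echo "invalid version in $1" >&2; return 1 ;;
  esac
  echo "$version"
}

# Build the download URL for a version and architecture.
trivy_asset_url() {
  suffix=$(trivy_asset_arch "$2") || return 1
  echo "https://github.com/aquasecurity/trivy/releases/download/v${1}/trivy_${1}_${suffix}.tar.gz"
}

# Compare an archive against a sha256sum-style list ("<hex>  <filename>").
verify_checksum() {
  name=$(basename "$1")
  expected=$(awk -v n="$name" '$2 == n { print $1 }' "$2")
  [ -n "$expected" ] || { echo "no checksum entry for $name" >&2; return 1; }
  actual=$(sha256sum "$1" | awk '{ print $1 }')
  [ "$expected" = "$actual" ]
}

# Download, verify, then unpack only the trivy binary.
install_trivy() {  # args: version_file arch
  ver=$(read_trivy_version "$1") || return 1
  url=$(trivy_asset_url "$ver" "$2") || return 1
  archive="/tmp/${url##*/}"
  wget -q -O "$archive" "$url" || return 1
  wget -q -O /tmp/checksums.txt "${url%/*}/trivy_${ver}_checksums.txt" || return 1
  verify_checksum "$archive" /tmp/checksums.txt || return 1
  tar -xzf "$archive" -C /usr/local/bin trivy
}
```

Because the checksum list comes from the same release as the archive, this check catches a corrupted or mismatched download rather than a compromised release.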
