Integrate a CVE/vulnerability scanner

Registered by Ricardo Rocha on 2017-02-20

CoreOS has Clair: https://github.com/coreos/clair

Atomic has atomic-scan: https://developers.redhat.com/blog/2016/05/02/introducing-atomic-scan-container-vulnerability-detection/

We could integrate these tools into the Magnum drivers and setup periodic checks that could alert the users when new vulnerabilities are detected. Opt-in (with a label), to be defined how to report this information back to the cluster owners.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Ricardo Rocha
Direction:
Needs approval
Assignee:
None
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/container-image-cve-scan,n,z

Addressed by: https://review.openstack.org/598142
    [k8s] Add vulnerability scanner

Gerrit topic: https://review.opendev.org/#/q/topic:bp/container-image-cve-scan

Addressed by: https://review.opendev.org/598142
    [k8s] Add vulnerability scanner

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.