Configure AppSec in CI #4054

Open
smlx wants to merge 5 commits into main from appsec-ci

smlx (Member) commented Feb 3, 2026

Partially addresses #3771 by enabling various GitHub features and workflows — see that issue for details.

To inspect SBOMs attached to images you can use:

$ docker buildx imagetools inspect testlagoon/api:pr-4054 --format "{{ json .SBOM }}" | head
{
  "linux/amd64": {
    "SPDX": {
      "SPDXID": "SPDXRef-DOCUMENT",
      "creationInfo": {
        "created": "2026-02-03T07:23:50Z",
        "creators": [
          "Organization: Anchore, Inc",
          "Tool: syft-v1.40.0",
          "Tool: buildkit-v0.27.1"

SBOM scanning during image build also doesn't seem to add much to image build time. Here's this PR's Jenkins build time (top) vs the most recent successful run on main (bottom):
[screenshot: screenshot_2026-02-03-163610]
[screenshot: screenshot_2026-02-03-163624]

The rest of #3771 can be addressed once this is merged.
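An added example, not part of the PR or the project's code: a small check over the JSON printed by the `imagetools inspect` command in the comment above, reporting per platform which tools generated the SBOM, how many packages it lists, and whether it looks empty. The function name `summarize_sbom` and the sample package names are hypothetical; the SPDX `packages`/`versionInfo` fields and the single-platform shape (SPDX document at the top level) are assumptions not shown on this page.

```python
import json
import sys

# Constructed sample in the shape printed by the command above:
# platform -> {"SPDX": <SPDX JSON document>}. Package names are made up.
SAMPLE = json.dumps({
    "linux/amd64": {"SPDX": {
        "SPDXID": "SPDXRef-DOCUMENT",
        "creationInfo": {"created": "2026-02-03T07:23:50Z", "creators": [
            "Organization: Anchore, Inc", "Tool: syft-v1.40.0",
            "Tool: buildkit-v0.27.1"]},
        "packages": [{"name": "example-lib", "versionInfo": "1.2.3"},
                     {"name": "example-tool"}]}},
    "linux/arm64": {"SPDX": {"SPDXID": "SPDXRef-DOCUMENT",
                             "creationInfo": {"creators": []},
                             "packages": []}},
})

def summarize_sbom(raw):
    """Summarise each platform's SBOM and flag ones that look empty."""
    doc = json.loads(raw)
    # Assumption: a single-platform image has the SPDX document at top level.
    if "SPDX" in doc:
        doc = {"(single platform)": doc}
    summary = {}
    for platform, entry in doc.items():
        spdx = (entry or {}).get("SPDX") or {}
        creators = (spdx.get("creationInfo") or {}).get("creators") or []
        tools = [c.split(":", 1)[1].strip() for c in creators
                 if c.startswith("Tool:")]
        packages = spdx.get("packages") or []
        problems = []
        if not tools:
            problems.append("no generator tool recorded")
        if not packages:
            problems.append("no packages listed")
        summary[platform] = {
            "tools": tools,
            "packages": len(packages),
            "unversioned": sorted(p.get("name", "?") for p in packages
                                  if not p.get("versionInfo")),
            "problems": problems,
        }
    return summary

if __name__ == "__main__":
    # Pipe the full command output in (without `| head`, which truncates the
    # JSON), or run with no pipe to see the constructed sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for platform, info in summarize_sbom(raw).items():
        print(platform, info)
```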

smlx changed the title from "appsec ci" to "Configure AppSec in CI" on Feb 3, 2026
smlx force-pushed the appsec-ci branch 2 times, most recently from 7ea618b to a973247, on February 3, 2026 06:01
smlx marked this pull request as ready for review on February 3, 2026 08:45
smlx requested a review from bomoko on February 3, 2026 08:46