Vulnerability scanning as a deploy gate

Source: interviewadvanced

WHAT IT TESTS: shift-left image security in CI/CD. OUTLINE: scan with Trivy or Clair, fail the build on high or critical severity above threshold, and enforce again at admission with signing and registry policies.

WHAT IT TESTS: whether you can design an enforced security gate, not just run a scanner. ANSWER OUTLINE: scan the built image in the pipeline with a tool like Trivy or Clair, configure the step to exit non-zero on vulnerabilities at or above a severity threshold so the build fails, and combine this with image signing and an admission controller or registry policy that blocks unsigned or unscanned images at deploy time. Maintain ignore lists for unfixable CVEs deliberately rather than suppressing findings ad hoc.