6. CentOS Container Pipeline...
● Does automatic rebuilds in such cases
● Also rebuilds upon “git push”
● Doesn’t just do “docker build”
○ Lints the Dockerfile
○ Pre-builds the binaries/artifacts
○ Builds the image
○ Scans it
7. What does it scan for?
● RPM updates
● pip, npm, gem updates
● RPM verification
● Container capabilities
● Weekly scanning
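To make the "RPM verification" item concrete, here is an added example (not code from the CentOS Container Pipeline) that triages `rpm -Va` output captured from inside an image. The category names and the sample output are constructed for illustration.

```python
import re

# rpm -V line: nine test flags (or "missing"), optional file-type marker, path.
LINE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{9}|missing)\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$"
)
PERMS = set("MUGP")        # mode, user, group, file capabilities
INTEGRITY = PERMS | {"5"}  # plus content digest

# Constructed sample, not output from a real image.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
.M.......  c /etc/shadow
S.5....T.    /usr/bin/curl
missing   d /usr/share/doc/bash/README
.......T.    /usr/lib64/libexample.so.1
missing     /usr/sbin/sshd
.......T.  g /var/log/lastlog
"""

def parse_line(line):
    m = LINE.match(line.rstrip())
    if not m:
        return None  # dependency notes and other non-file lines
    missing = m["flags"] == "missing"
    failed = set() if missing else {c for c in m["flags"] if c not in ".?"}
    return {"path": m["path"], "attr": m["attr"], "missing": missing, "failed": failed}

def classify(e):
    if e["attr"] == "g":
        return None  # ghost files are not part of the package payload
    if e["attr"] in ("d", "l", "r"):
        return "docs"
    if e["attr"] == "c":
        # Edited config content is expected; changed permissions are not.
        return "integrity-failure" if e["failed"] & PERMS else "config-changed"
    if e["missing"] or e["failed"] & INTEGRITY:
        return "integrity-failure"
    return "metadata-only"

def scan(output):
    report = {}
    for line in output.splitlines():
        e = parse_line(line)
        label = classify(e) if e else None
        if label:
            report.setdefault(label, []).append(e["path"])
    return report

if __name__ == "__main__":
    for label, paths in scan(SAMPLE).items():
        print(label, paths)
```
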
11. Why yet another pipeline?
● No solution to lint, build, scan images on regular basis
● No triggers other than code push to git repo
● Limited scanning capabilities; available for a cost
● No regular scan reports on all the images
● No dependency between images (parent-child relationship)
● No open source solution to do all of these!
12. Work in progress
● API and UI integration for logs
● Moving away from docker build to buildah
● Rebuilds on RPM update