Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: update design/tradeoffs doc regarding scanner vuln reports #818 #854

Open
wants to merge 87 commits into
base: main
Choose a base branch
from
Open

docs: update design/tradeoffs doc regarding scanner vuln reports #818 #854

wants to merge 87 commits into from

Conversation

pradhans0906
Copy link
Contributor

Description

Updates the tradeoffs section in the design documentation to accurately reflect copa's ability to work with or without vulnerability scanner reports.

The changes:

  • Remove outdated statements about scanner report dependencies
  • Clarify the package-based update model
  • Maintain information about package manager dependencies and platform limitations
  • Improve document structure for better readability

Changes

  • Replace outdated tradeoffs content with updated, accurate information
  • Add clearer section organization with numbered points
  • Update description of scanner integration to reflect optional usage

Closes #818

@ashnamehrotra ashnamehrotra changed the title [DOC] update design/tradeoffs doc regarding scanner vuln reports #818 docs: update design/tradeoffs doc regarding scanner vuln reports #818 Dec 5, 2024
ashnamehrotra
ashnamehrotra requested changes Dec 6, 2024
View reviewed changes
website/docs/design.md Outdated Show resolved Hide resolved
website/docs/design.md Outdated Show resolved Hide resolved
@ashnamehrotra
Copy link
Contributor

ashnamehrotra commented Dec 6, 2024
edited
Loading

@pradhans0906 can we also add these changes to version docs starting from v0.7.0, since that was the release of the update all feature. DCO also needs to be fixed to sign-off commits.

sozercan
sozercan reviewed Dec 6, 2024
View reviewed changes
website/docs/design.md Outdated Show resolved Hide resolved
@ashnamehrotra
Copy link
Contributor

@pradhans0906 thank you! looks like the commits need sign off again for DCO check

pradhans0906 and others added 5 commits December 14, 2024 18:47
@pradhans0906
Update installation.md
6c45a13 
Prequisitives > Prerequisites

Signed-off-by: swapnasagar pradhan <[email protected]>
@pradhans0906
Fixed typo 'Prequisitives' to 'Prerequisites' across all version docs
9c22f61 
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump the all group in /website with 3 updates (project-copacet…
99d7b36 
…ic#821)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@sozercan @ashnamehrotra @pradhans0906
docs: add lower than required package error (project-copacetic#420)
cb22d0e 
Signed-off-by: Sertac Ozercan <[email protected]>
Signed-off-by: Sertaç Özercan <[email protected]>
Co-authored-by: Ashna Mehrotra <[email protected]>
Signed-off-by: swapnasagar pradhan <[email protected]>
@sozercan @pradhans0906
ci: classify gen docs as blocking (project-copacetic#826)
4ed4b81 
Signed-off-by: Sertac Ozercan <[email protected]>
Signed-off-by: swapnasagar pradhan <[email protected]>
dependabot bot and others added 13 commits December 14, 2024 19:21
@dependabot @pradhans0906
chore: bump github.com/aquasecurity/trivy from 0.56.2 to 0.57.0 (proj…
3bb6fa5 
…ect-copacetic#822)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @sozercan @pradhans0906
chore: bump the all group across 1 directory with 2 updates (project-…
77360f6 
…copacetic#827)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sertaç Özercan <[email protected]>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump the all group in /website with 3 updates (project-copacet…
9325853 
…ic#835)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @sozercan @pradhans0906
chore: bump github.com/quay/claircore from 1.5.32 to 1.5.33 (project-…
d35491e 
…copacetic#833)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sertaç Özercan <[email protected]>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @sozercan @pradhans0906
chore: bump google.golang.org/grpc from 1.67.1 to 1.68.0 (project-cop…
91727cd 
…acetic#832)

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Sertac Ozercan <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sertac Ozercan <[email protected]>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @sozercan @pradhans0906
chore: bump github.com/docker/buildx from 0.17.1 to 0.18.0 (project-c…
57585fc 
…opacetic#824)

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Sertac Ozercan <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sertac Ozercan <[email protected]>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @sozercan @pradhans0906
chore: bump golang.org/x/sync from 0.8.0 to 0.9.0 (project-copacetic#831
c3364ba 
)

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Sertac Ozercan <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sertac Ozercan <[email protected]>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @sozercan @pradhans0906
chore: bump the all group across 1 directory with 2 updates (project-…
e50f77b 
…copacetic#838)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sertaç Özercan <[email protected]>
Signed-off-by: swapnasagar pradhan <[email protected]>
@pradhans0906
Trade off updates
65a3db6 
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump github.com/aquasecurity/trivy from 0.57.0 to 0.57.1 (proj…
3980590 
…ect-copacetic#840)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump cross-spawn from 7.0.3 to 7.0.6 in /website (project-copa…
4bf5f7f 
…cetic#841)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump the all group across 1 directory with 3 updates (project-…
50b0887 
…copacetic#843)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump the all group with 4 updates (project-copacetic#845)
1e5e3e8 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
dependabot bot and others added 29 commits December 14, 2024 19:23
@dependabot @pradhans0906
chore: bump the all group in /website with 3 updates (project-copacet…
73f4e46 
…ic#835)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @sozercan @pradhans0906
chore: bump github.com/quay/claircore from 1.5.32 to 1.5.33 (project-…
ad3aef0 
…copacetic#833)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sertaç Özercan <[email protected]>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @sozercan @pradhans0906
chore: bump google.golang.org/grpc from 1.67.1 to 1.68.0 (project-cop…
7c787b6 
…acetic#832)

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Sertac Ozercan <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sertac Ozercan <[email protected]>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @sozercan @pradhans0906
chore: bump github.com/docker/buildx from 0.17.1 to 0.18.0 (project-c…
84adbcd 
…opacetic#824)

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Sertac Ozercan <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sertac Ozercan <[email protected]>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @sozercan @pradhans0906
chore: bump golang.org/x/sync from 0.8.0 to 0.9.0 (project-copacetic#831
bb2fcfe 
)

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Sertac Ozercan <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sertac Ozercan <[email protected]>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @sozercan @pradhans0906
chore: bump the all group across 1 directory with 2 updates (project-…
f8ae14c 
…copacetic#838)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sertaç Özercan <[email protected]>
@dependabot @pradhans0906
chore: bump github.com/aquasecurity/trivy from 0.57.0 to 0.57.1 (proj…
cfc85de 
…ect-copacetic#840)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump cross-spawn from 7.0.3 to 7.0.6 in /website (project-copa…
e7d4ef1 
…cetic#841)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump the all group across 1 directory with 3 updates (project-…
8f47684 
…copacetic#843)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @pradhans0906
chore: bump the all group with 4 updates (project-copacetic#845)
ddf8fbc 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump the all group in /website with 4 updates (project-copacet…
d47c135 
…ic#846)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump github.com/moby/buildkit from 0.17.1 to 0.17.2 (project-c…
790d3f6 
…opacetic#847)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (project…
3978e1d 
…-copacetic#848)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump k8s.io/apimachinery from 0.31.2 to 0.31.3 (project-copace…
72a3e5a 
…tic#849)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump github.com/docker/buildx from 0.18.0 to 0.19.1 (project-c…
a217b06 
…opacetic#852)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump the all group with 3 updates (project-copacetic#858)
18af38a 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump the all group in /website with 2 updates (project-copacet…
e1089c1 
…ic#859)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump github.com/moby/buildkit from 0.18.0 to 0.18.1 (project-c…
b173607 
…opacetic#860)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump golang.org/x/sync from 0.9.0 to 0.10.0 (project-copacetic…
56abf55 
…#861)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump google.golang.org/grpc from 1.68.0 to 1.68.1 (project-cop…
125b78d 
…acetic#864)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump github.com/docker/cli from 27.4.0-rc.2+incompatible to 27…
3eef7a7 
….4.0+incompatible (project-copacetic#865)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump golang.org/x/crypto from 0.28.0 to 0.31.0 (project-copace…
83fd5d8 
…tic#870)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump nanoid from 3.3.7 to 3.3.8 in /website (project-copacetic…
2af585b 
…#871)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@pradhans0906
docs: update design documentation
7910fe0 
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump the all group in /website with 3 updates (project-copacet…
7abda49 
…ic#821)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump github.com/aquasecurity/trivy from 0.56.2 to 0.57.0 (proj…
eda0994 
…ect-copacetic#822)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @sozercan @pradhans0906
chore: bump the all group across 1 directory with 2 updates (project-…
e097be3 
…copacetic#838)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sertaç Özercan <[email protected]>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump the all group across 1 directory with 3 updates (project-…
04b599f 
…copacetic#843)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
@dependabot @pradhans0906
chore: bump the all group with 3 updates (project-copacetic#858)
3becdd9 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ashnamehrotra ashnamehrotra ashnamehrotra requested changes

@sozercan sozercan sozercan left review comments

@jeremyrickard jeremyrickard Awaiting requested review from jeremyrickard jeremyrickard is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
Copacetic Workboard
Status: 🆕 New
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[DOC] update design/tradeoffs doc regarding scanner vuln reports
4 participants
@pradhans0906 @ashnamehrotra @sozercan @explsd