This runs an image from @justaugustus floating at :latest, which AFAIK is not being developed.
|
# periodically file / close bugs for repos based on presence of SECURITY_CONTACTS |
|
- name: secping |
|
interval: 24h |
|
cluster: k8s-infra-prow-build-trusted |
|
decorate: true |
|
annotations: |
|
testgrid-dashboards: sig-contribex-k8s-triage-robot |
|
description: files bugs for SECURITY_CONTACTS |
|
testgrid-tab-name: secping |
|
extra_refs: |
|
- base_ref: main |
|
org: justaugustus |
|
repo: secping |
|
spec: |
|
containers: |
|
- command: |
|
- go |
|
- run |
|
- . |
|
- -d |
|
- --confirm |
|
- --token-path=/etc/github-token/token |
|
- --skip-emails |
|
env: |
|
- name: GO111MODULE |
|
value: "on" |
|
image: golang:latest |
|
volumeMounts: |
|
- name: token |
|
mountPath: /etc/github-token |
|
volumes: |
|
- name: token |
|
secret: |
|
secretName: k8s-triage-robot-github-token |
/sig contributor-experience testing security k8s-infra
cc @kubernetes/sig-k8s-infra-leads @kubernetes/sig-testing-leads @kubernetes/sig-contributor-experience-leads
I don't think this tool is worth it to keep running a potentially vulnerable image, we should probably just turn down this job.
