Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .github/workflows/build-cssc-dashboard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -163,6 +163,8 @@ jobs:
"com.toddysm.image.tags=${major}|${minor}|${patch}|${build}"
"com.toddysm.build.workflow=${WORKFLOW}"
"com.toddysm.build.run-url=${SERVER_URL}/${REPO}/actions/runs/${RUN_ID}"
"com.toddysm.security.policy=${SERVER_URL}/${REPO}?tab=security-ov-file"
"com.toddysm.security.report-url=${SERVER_URL}/${REPO}/security/advisories/new"
)

ann_args=()
Expand Down
2 changes: 2 additions & 0 deletions docs/guides/build/reading-image-annotations.md
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,8 @@ architecture.
| `com.toddysm.image.tags` | Every tag applied to the image, `\|`-separated (e.g. `0\|0.1\|0.1.0\|0.1.0-69deeec`) | The full tag set the build published, from most-moving (`major`) to immutable (`build`); recover every tag from the image itself. |
| `com.toddysm.build.workflow` | Building workflow display name | Which workflow produced the image; auditing the build path. |
| `com.toddysm.build.run-url` | Link to the exact GitHub Actions run | Jump straight to the CI run that built the image for logs and provenance. |
| `com.toddysm.security.policy` | Link to the repository security policy | Find out how vulnerabilities in the image are handled and disclosed. |
| `com.toddysm.security.report-url` | URL for reporting a vulnerability | Report a vulnerability programmatically (the GitHub private advisory intake). |

## Worked examples

Expand Down
2 changes: 2 additions & 0 deletions docs/reference/image-annotations.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,8 @@ crane manifest ghcr.io/toddysm/apps/cssc-dashboard/packages-service:0.1 | jq .an
| `com.toddysm.image.tags` | Every tag applied to the image, `\|`-separated, from `major` to `build` (e.g. `0\|0.1\|0.1.0\|0.1.0-69deeec`). |
| `com.toddysm.build.workflow` | The building workflow display name. |
| `com.toddysm.build.run-url` | Link to the exact GitHub Actions run. |
| `com.toddysm.security.policy` | Link to the repository security policy (how vulnerabilities are handled). |
| `com.toddysm.security.report-url` | URL for reporting a vulnerability programmatically (the GitHub private advisory intake). |

## Reproducibility

Expand Down
Loading