chore(docs): add documentation for Zarf package vuln scanning #4960

Open: brandtkeller wants to merge 3 commits into main from chore_package_vuln_scanning
@brandtkeller

Member

Description

Grype v0.114.0 included support for a new `zarf:` scan target which can read a zarf tarball from the filesystem and produce reports for vulnerabilities without orchestrating the sbom inspect and grype scan loops.

Related Issue

Relates to: #3842

Checklist before merging

Signed-off-by: Brandt Keller <brandt.keller@defenseunicorns.com>
@brandtkeller brandtkeller self-assigned this Jun 5, 2026
@brandtkeller brandtkeller requested review from a team as code owners June 5, 2026 17:53
@netlify

netlify Bot commented Jun 5, 2026

Deploy Preview for zarf-docs ready!

Name Link
🔨 Latest commit fb1c9a9
🔍 Latest deploy log https://app.netlify.com/projects/zarf-docs/deploys/6a26e1897cd56b0008a6312f
😎 Deploy Preview https://deploy-preview-4960--zarf-docs.netlify.app
@codecov

codecov Bot commented Jun 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

a1994sc previously approved these changes Jun 5, 2026

@a1994sc a1994sc left a comment

Contributor

very cool!!

LGTM

@AustinAbro321 AustinAbro321 left a comment

Member

Had no idea this was in the pipeline for grype, really cool stuff! A few comments as I followed along the guide

Comment thread site/src/content/docs/best-practices/vulnerability-scanning.mdx Outdated
Comment thread site/src/content/docs/best-practices/vulnerability-scanning.mdx Outdated
Signed-off-by: Brandt Keller <brandt.keller@defenseunicorns.com>