[NX-201] Enforce container vulnerability scan gate in CI #11

Open
opened 2026-02-13 13:16:35 +00:00 by nessi · 0 comments
Owner

Goal

Block releases with unresolved high/critical container vulnerabilities.

Scope

  • Add image scanning job for backend/frontend images.
  • Fail workflow on high/critical findings (with explicit allowlist support).

Acceptance Criteria

  • CI fails on new high/critical vulnerabilities.
  • Allowlist process is documented and auditable.
nessi added this to the v1.0 - Stability, Reliability & Security (P0) milestone 2026-02-13 13:16:35 +00:00
nessi added the P0 label 2026-02-13 13:16:35 +00:00
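A sketch of the gate logic the scope describes, added here as an example and not taken from the NexaPG repository: it fails on high/critical findings unless a matching allowlist entry carries a reason, an approver and an unexpired date. The findings format, field names and `VULN-…` identifiers are constructed assumptions; real scanner output would first be mapped into this shape.

```python
import json
from datetime import date

BLOCKING = {"HIGH", "CRITICAL"}
REQUIRED = ("id", "image", "reason", "approved_by", "expires")  # audit fields

# Constructed sample data in a hypothetical scanner-neutral format.
FINDINGS = json.loads("""[
  {"image": "backend",  "id": "VULN-0001", "severity": "CRITICAL"},
  {"image": "backend",  "id": "VULN-0002", "severity": "HIGH"},
  {"image": "frontend", "id": "VULN-0003", "severity": "HIGH"},
  {"image": "frontend", "id": "VULN-0004", "severity": "MEDIUM"}
]""")
ALLOWLIST = json.loads("""[
  {"id": "VULN-0002", "image": "backend", "reason": "no fixed version yet",
   "approved_by": "owner", "expires": "2026-06-30"},
  {"id": "VULN-0003", "image": "frontend", "reason": "temporary waiver",
   "approved_by": "owner", "expires": "2026-01-31"},
  {"id": "VULN-0001", "image": "backend", "reason": "",
   "approved_by": "", "expires": "2026-12-31"}
]""")

def evaluate(findings, allowlist, today):
    """Return (blocking, waived, rejected allowlist entries)."""
    valid, rejected = set(), []
    for entry in allowlist:
        if not all(str(entry.get(k, "")).strip() for k in REQUIRED):
            rejected.append((entry.get("id"), "missing audit field"))
        elif date.fromisoformat(entry["expires"]) < today:
            rejected.append((entry["id"], "expired"))
        else:
            valid.add((entry["image"], entry["id"]))
    blocking, waived = [], []
    for f in findings:
        if f["severity"].upper() in BLOCKING:
            key = (f["image"], f["id"])
            (waived if key in valid else blocking).append(key)
    return blocking, waived, rejected

def main(today=None):
    blocking, waived, rejected = evaluate(FINDINGS, ALLOWLIST, today or date.today())
    for label, rows in (("WAIVED", waived), ("REJECTED-WAIVER", rejected), ("BLOCKING", blocking)):
        for row in rows:
            print(label, *row)
    return 1 if blocking else 0  # non-zero exit fails the CI job

if __name__ == "__main__":
    raise SystemExit(main())
```

Keeping the allowlist in a reviewed file in the repository gives each waiver a commit history, and the expiry check forces waivers to be re-approved rather than silently persisting.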

Reference: nessi/NexaPG#11