From dd761bc53fc48bef473df6d122a47cbcfd387e33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 2 Aug 2022 13:00:33 +0200 Subject: [PATCH] [bitnami/*] Add vuln. scan note in the README (#1553) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [bitnami/*] Add vuln. scan note in the README Signed-off-by: Carlos Rodríguez Hernández * Update README.md Co-authored-by: Pablo Galego * Update README.md Signed-off-by: Carlos Rodríguez Hernández Co-authored-by: Pablo Galego --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 583de67aa5ac..477d2791a9d0 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,15 @@ $ docker-compose up -d > Remember to replace the `APP` placeholder in the example command above with the correct value. +## Vulnerability scan in Bitnami container images + +As part of the release process, the Bitnami container images are analyzed for vulnerabilities. At this moment, we are using two different tools: + +* [Trivy](https://github.com/aquasecurity/trivy) +* [Grype](https://github.com/anchore/grype) + +This scanning process is triggered via a GH action for every PR affecting the source code of the containers, regardless of its nature or origin. + ## Contributing We'd love for you to contribute to those container images. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues/new/choose), or submit a [pull request](https://github.com/bitnami/containers/pulls) with your contribution.
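Review bot: In the new "Vulnerability scan in Bitnami container images" section, the first sentence says images are analyzed "As part of the release process", while the closing sentence says the scan is "triggered via a GH action for every PR"; the text should say which of the two applies, or state explicitly that both do. The section also does not tell a reader what happens with findings. Consider adding one sentence on whether a Trivy or Grype finding fails the PR check, and another on where the scan results can be viewed, since a user deciding whether to trust an image needs those facts more than the tool names. Minor wording: spell out "GitHub Action" instead of "GH action", and replace "At this moment" with "Currently" or drop it.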