[WIP] skills: Add ACS skills (acs-image-scanner)#11

Open: harche wants to merge 1 commit into openshift:main from harche:skills/acs

@harche (Contributor) commented Apr 21, 2026

Summary

  • Adds acs/acs-image-scanner/ — ACS image vulnerability scanning skill using skopeo + 8 shell scripts; validates CVE applicability before recommending remediation; ported from lightspeed-operator/examples/adapters/acs/skills/acs-image-scanner/
  • Adds acs/OWNERS and acs/README.md

Details

The skill includes:

  • SKILL.md with frontmatter and full workflow instructions
  • policy.yaml — ACS policy configuration
  • 4 reference files (references/)
  • 8 shell scripts (scripts/) for image inspection, CVE lookup, and applicability checks

Test plan

  • Verify all 8 scripts are executable and have correct shebang lines
  • Verify policy.yaml is valid ACS policy format
  • Confirm skopeo is available in the target environment
  • Smoke-test image scan workflow against a sample image with known CVEs

Note: These are initial drafts. They will evolve as we test and refine them based on real-world usage.

🤖 Generated with Claude Code
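
One way to automate the first and third test-plan items is sketched below. It is an added example, not code from this PR or the skill itself. The `scripts/` location and the count of 8 come from the description above; the function names `check_skill_scripts` and `require_tool` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-merge checks for a skill's scripts/ directory.
# Assumption: scripts live directly under <skill-dir>/scripts, as the PR describes.

# check_skill_scripts SKILL_DIR EXPECTED_COUNT
# Prints one line per problem; returns 0 only when no problem was found.
check_skill_scripts() {
    dir="$1/scripts"; expected="$2"; count=0; rc=0
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        count=$((count + 1))
        # Without the executable bit the skill cannot invoke the script directly.
        [ -x "$f" ] || { echo "not executable: $f"; rc=1; }
        # The first line must be "#!" plus an absolute interpreter path;
        # otherwise the script runs under whatever shell the caller uses.
        IFS= read -r first < "$f" || true
        case "$first" in
            '#!/'*|'#! /'*) ;;
            *) echo "bad or missing shebang: $f"; rc=1 ;;
        esac
    done
    # A wrong count catches a script that was dropped or added unreviewed.
    [ "$count" -eq "$expected" ] || {
        echo "expected $expected scripts, found $count"; rc=1
    }
    return "$rc"
}

# require_tool NAME: returns 0 if NAME resolves on PATH (the skill needs skopeo).
require_tool() {
    command -v "$1" >/dev/null 2>&1 || { echo "missing tool: $1"; return 1; }
}

# When given a skill directory as the first argument, run both checks.
[ $# -eq 0 ] || { check_skill_scripts "$1" 8; require_tool skopeo; }
```

Run it as `sh check.sh acs/acs-image-scanner` from the repository root; the file name `check.sh` is a placeholder.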

Add acs-image-scanner skill for evaluating ACS-flagged container
image CVEs, validating applicability, and recommending safe upgrade
paths using skopeo and the Red Hat Container Catalog.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
openshift-ci Bot added the do-not-merge/work-in-progress label (Indicates that a PR should not merge because it is a work in progress.) Apr 21, 2026
openshift-ci Bot requested a review from mrunalp April 21, 2026 20:31
openshift-ci Bot commented Apr 21, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: harche


openshift-ci Bot added the approved label (Indicates a PR has been approved by an approver from all required OWNERS files.) Apr 21, 2026
openshift-ci Bot commented Apr 21, 2026

@harche: all tests passed!
