📖 docs: document CI security scanning workflows #571

mrhapile · 2026-01-10T20:08:35Z

Fixes #567

Summary

Documented OpenSSF Scorecard and Trivy image scanning workflows
Explained when scans run and where results are published
Clarified that these workflows affect CI only

Notes

Documentation-only change
No runtime or configuration impact

Signed-off-by: mrhapile <allinonegaming3456@gmail.com>

netlify · 2026-01-10T20:08:41Z

✅ Deploy Preview for kubestellar-docs ready!

Built without sensitive environment variables

Name	Link
🔨 Latest commit	`4a2de54`
🔍 Latest deploy log	https://app.netlify.com/projects/kubestellar-docs/deploys/696634a85d885100081be515
😎 Deploy Preview	https://deploy-preview-571--kubestellar-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

kubestellar-prow · 2026-01-10T20:08:45Z

Hi @mrhapile. Thanks for your PR.

I'm waiting for a kubestellar member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Copilot

Pull request overview

This PR documents CI security scanning workflows for KubeStellar, specifically OpenSSF Scorecard and Trivy container image scanning. The documentation explains when these scans run, what they scan for, and where results are published.

Changes:

Added a new "CI Security Scanning" section to the testing documentation
Documented OpenSSF Scorecard workflow for security best practices evaluation
Documented Trivy workflow for container image vulnerability scanning

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

docs/content/direct/testing.md

clubanderson · 2026-01-12T19:28:41Z

/ok-to-test

clubanderson · 2026-01-12T19:42:48Z

/retest

clubanderson · 2026-01-12T19:55:41Z

@mrhapile please clear up conflicts

clubanderson · 2026-01-12T20:17:53Z

/retest

clubanderson · 2026-01-12T20:26:14Z

The Build & Push PR Preview Image and Code Quality & Build workflow failures are due to a cached workflow that has since been disabled (replaced by Netlify previews).

Please rebase your branch on main or merge main into your branch to pick up the workflow changes:

git fetch origin main
git rebase origin/main
git push --force-with-lease

This will stop the failing workflows from running.

Signed-off-by: mrhapile <allinonegaming3456@gmail.com>

kubestellar-prow · 2026-01-13T11:47:48Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign oksaumya for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

kubestellar-prow · 2026-01-13T11:48:09Z

@mrhapile: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-kubestellar-docs-markdown-lint	`dd71941`	link	true	`/test pull-kubestellar-docs-markdown-lint`
pull-kubestellar-docs-build	`dd71941`	link	true	`/test pull-kubestellar-docs-build`
pull-kubestellar-docs-verify	`dd71941`	link	true	`/test pull-kubestellar-docs-verify`
pull-kubestellar-docs-test	`dd71941`	link	true	`/test pull-kubestellar-docs-test`

Full PR test history

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

oksaumya · 2026-01-13T11:53:46Z

resolve conflicts @mrhapile

mrhapile · 2026-01-13T12:07:01Z

@oksaumya resolved

clubanderson · 2026-01-16T16:58:11Z

📖 Preview Links

The following documentation pages were changed in this PR:

Status	Page	Preview Link
📄	`testing`	View preview

🔗 Full preview site

📖 docs: document CI security scanning workflows

9e305c3

Signed-off-by: mrhapile <allinonegaming3456@gmail.com>

Copilot AI review requested due to automatic review settings January 10, 2026 20:08

kubestellar-prow bot added the dco-signoff: yes Indicates the PR's author has signed the DCO. label Jan 10, 2026

github-actions bot added the documentation Improvements or additions to documentation label Jan 10, 2026

kubestellar-prow bot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jan 10, 2026

Copilot started reviewing on behalf of mrhapile January 10, 2026 20:08 View session

Copilot AI reviewed Jan 10, 2026

View reviewed changes

docs/content/direct/testing.md Outdated Show resolved Hide resolved

kubestellar-prow bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jan 12, 2026

kubestellar-prow bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 13, 2026

minor ai changes

dd71941

Signed-off-by: mrhapile <allinonegaming3456@gmail.com>

github-actions bot removed the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Jan 13, 2026

Merge branch 'main' into docs/ci-security-scanning-567

4a2de54

kubestellar-prow bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 13, 2026

clubanderson added the kind/documentation Categorizes issue or PR as related to documentation. label Jan 13, 2026

📖 docs: document CI security scanning workflows #571

Are you sure you want to change the base?

📖 docs: document CI security scanning workflows #571

Uh oh!

Conversation

mrhapile commented Jan 10, 2026

Fixes #567

Summary

Notes

Uh oh!

netlify bot commented Jan 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Deploy Preview for kubestellar-docs ready!

Uh oh!

kubestellar-prow bot commented Jan 10, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

clubanderson commented Jan 12, 2026

Uh oh!

clubanderson commented Jan 12, 2026

Uh oh!

clubanderson commented Jan 12, 2026

Uh oh!

clubanderson commented Jan 12, 2026

Uh oh!

clubanderson commented Jan 12, 2026

Uh oh!

kubestellar-prow bot commented Jan 13, 2026

Uh oh!

kubestellar-prow bot commented Jan 13, 2026

Uh oh!

oksaumya commented Jan 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mrhapile commented Jan 13, 2026

Uh oh!

clubanderson commented Jan 16, 2026

📖 Preview Links

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

netlify bot commented Jan 10, 2026 •

edited

Loading

oksaumya commented Jan 13, 2026 •

edited

Loading