Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Wanted to know more about the tools they use for maintaining and scanning, but I guess many of them are internal and not open source?


For the scanning, we (.NET team) use the scanning services provided in Azure Container Registry (ACR). This is an internal ACR and the results of that are internal as mentioned in the post.

All the other tooling we use is open source. You can find our build infrastructure at https://github.com/dotnet/docker-tools. There's a tool there called image-builder that provides much of the functionality. I've written a blog post on how we use Azure Pipelines to manage the builds: https://devblogs.microsoft.com/dotnet/how-the-net-team-uses-.... Between image-builder and the pipelines, there's some automation that automatically rebuilds our images whenever a parent image changes.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: