Merge pull request #105 from IBM/docs_nov

Add details on resolving vulnerabilities.

Author: krook

README.md

@@ -30,7 +30,7 @@ See the Container Service Kubernetes and IBM Cloud services (MySQL, Redis, Memca
 See the Docker container build and Kubernetes deployment [instructions](docs/DEPLOY-CONTAINERS.md).
 
 ### Ongoing development and operations with GitHub commits
-See the ongoing development [instructions](docs/ONGOING-DEVELOPMENT.md). And the work in progress DevOps [pipeline docs](docs/PIPELINE-SETUP.md).
+See the ongoing development [instructions](docs/ONGOING-DEVELOPMENT.md). And the work in progress DevOps [pipeline docs](docs/PIPELINE-SETUP.md). This shows how container images are rebuilt and how to address security issues detected by the IBM Vulnerability Advisor.
 
 ### Synchronizing data from production back to staging
 There are two [synchronization scripts](docs/SYNCHRONIZING-DATA.md) that can be invoked to bring user generated changes to files or data from production back into the staging environment. You can also execute other scripts inside the containers as well.

docs/ONGOING-DEVELOPMENT.md

@@ -6,3 +6,17 @@ Push updates to the `config` directory. The pipeline will detect changes and ini
 
 ## Updating the Drupal and code version
 Push updates to the `code` directory. The pipeline will detect changes and initiate a custom image rebuild.
+
+## Addressing security issues with Vulnerability Advisor
+As container images are built and pushed to the IBM Cloud Container Registry, they are automatically scanned by the Vulnerability Advisor.
+
+You can see whether there are any vulnerabilities in your images by listing the images:
+```bash
+bx cr images
+```
+
+If any of them are listed as `Vulnerable` you can then see the specific issues with:
+
+```bash
+bx cr va $IMAGE_NAME
+```