Update .gitlab-ci.yml
This commit is contained in:
@@ -111,6 +111,7 @@ sonarqube-check:
|
|||||||
allow_failure: true
|
allow_failure: true
|
||||||
only:
|
only:
|
||||||
- master # or the name of your main branch
|
- master # or the name of your main branch
|
||||||
|
- branches
|
||||||
|
|
||||||
trivy:
|
trivy:
|
||||||
stage: test
|
stage: test
|
||||||
@@ -126,11 +127,11 @@ trivy:
|
|||||||
# Build image
|
# Build image
|
||||||
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
|
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
|
||||||
# Build report
|
# Build report
|
||||||
- ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
|
- ./trivy image --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
|
||||||
# Print report
|
# Print report
|
||||||
- ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
|
- ./trivy image --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
|
||||||
# Fail on severe vulnerabilities
|
# Fail on severe vulnerabilities
|
||||||
- ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
|
- ./trivy image --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
|
||||||
cache:
|
cache:
|
||||||
paths:
|
paths:
|
||||||
- .trivycache/
|
- .trivycache/
|
||||||
|
|||||||
Reference in New Issue
Block a user