From 1518e8c39588bd2a945d1d644894c74d752b05b7 Mon Sep 17 00:00:00 2001
From: Evan Richardson
Date: Wed, 5 May 2021 00:09:10 +0000
Subject: [PATCH 1/7] Add Trivy scanner stage
---
 .gitlab-ci.yml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8395dff..e8991ce 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -95,6 +95,7 @@ include:
 - template: Security/SAST.gitlab-ci.yml
 sonarqube-check:
+ stage: test
 image:
 name: sonarsource/sonar-scanner-cli:latest
 entrypoint: [""]
@@ -110,3 +111,30 @@ sonarqube-check:
 allow_failure: true
 only:
 - master # or the name of your main branch
+
+trivy:
+ stage: test
+ image: docker:stable
+ extends:
+ - .docker_base
+ before_script:
+ - export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
+ - echo $TRIVY_VERSION
+ - wget --no-verbose https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -O - | tar -zxvf -
+ allow_failure: true
+ script:
+ # Build image
+ - docker build -t $IMAGE ./Docker/
+ # Build report
+ - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $IMAGE
+ # Print report
+ - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH $IMAGE
+ # Fail on severe vulnerabilities
+ - ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress $IMAGE
+ cache:
+ paths:
+ - .trivycache/
+ # Enables https://docs.gitlab.com/ee/user/application_security/container_scanning/ (Container Scanning report is available on GitLab EE Ultimate or GitLab.com Gold)
+ artifacts:
+ reports:
+ container_scanning: gl-container-scanning-report.json
-- 2.49.1
From ad399185ad0d254eea809e514b530d31ebb94a8b Mon Sep 17 00:00:00 2001
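Review bot: The `before_script` added in this hunk resolves `latest` from the GitHub API and pipes an unverified tarball straight into `tar`, so the binary that then runs with this job's Docker access is whatever that URL serves at pipeline time; pin `TRIVY_VERSION` and verify the tarball against the checksums file published with the release before extracting it (the `trivy_${TRIVY_VERSION}_checksums.txt` name below follows the goreleaser convention — confirm it on the release page). Pinning also closes a robustness hole: the unauthenticated API call is rate-limited per IP, and when it fails `TRIVY_VERSION` is empty and the download URL degrades to `.../download/v/trivy__Linux-64bit.tar.gz`. Separately, `allow_failure: true` turns the `--exit-code 1 --severity CRITICAL` gate into a warning, so this job can never block a pipeline; drop it once the baseline is clean, or state in a comment that the gate is deliberately advisory.
```yaml
trivy:
  variables:
    TRIVY_VERSION: "0.x.y"  # pin to a reviewed release; bump deliberately, never "latest"
  # … unchanged: stage, image, extends …
  before_script:
    - wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
    - wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_checksums.txt"
    # Fail the job if the tarball does not match the published SHA-256
    - grep "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" "trivy_${TRIVY_VERSION}_checksums.txt" | sha256sum -c -
    - tar -zxf "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
  # … unchanged: script, cache, artifacts …
```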
From: Evan Richardson
Date: Wed, 5 May 2021 00:11:04 +0000
Subject: [PATCH 2/7] Update .gitlab-ci.yml
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e8991ce..21dd1d7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -124,7 +124,7 @@ trivy:
 allow_failure: true
 script:
 # Build image
- - docker build -t $IMAGE ./Docker/
+ - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
 # Build report
 - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $IMAGE
 # Print report
-- 2.49.1
From 611b7da916df80842c63559cba753a9e5594ef80 Mon Sep 17 00:00:00 2001
From: Evan Richardson
Date: Wed, 5 May 2021 00:12:45 +0000
Subject: [PATCH 3/7] Update .gitlab-ci.yml
---
 .gitlab-ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 21dd1d7..3bb31d7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -126,11 +126,11 @@ trivy:
 # Build image
 - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
 # Build report
- - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $IMAGE
+ - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
 # Print report
- - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH $IMAGE
+ - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
 # Fail on severe vulnerabilities
- - ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress $IMAGE
+ - ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
 cache:
 paths:
 - .trivycache/
-- 2.49.1
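Review bot: `$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA` is now written out four times in this job — the `docker build` tag and the three `./trivy` targets — so any change to the tag scheme has to be repeated in four places, and a missed one means the report silently describes a different image than the one that was built (exactly the state the previous commit left behind). Declare it once at job level, `variables:` followed by `  IMAGE_REF: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"`, and use `$IMAGE_REF` on all four lines. Whether the `$IMAGE` these lines replace was defined in `.docker_base` is not visible here; if it was, keeping that single definition would serve the same purpose.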
From bfba87852b0ae4cb76f8b81fa3f3723cc0b8ff99 Mon Sep 17 00:00:00 2001
From: Evan Richardson
Date: Wed, 5 May 2021 00:22:38 +0000
Subject: [PATCH 4/7] Update .gitlab-ci.yml
---
 .gitlab-ci.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3bb31d7..1001d45 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -111,6 +111,7 @@ sonarqube-check:
 allow_failure: true
 only:
 - master # or the name of your main branch
+ - branches
 trivy:
 stage: test
@@ -126,11 +127,11 @@ trivy:
 # Build image
 - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
 # Build report
- - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+ - ./trivy image --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
 # Print report
- - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+ - ./trivy image --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
 # Fail on severe vulnerabilities
- - ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+ - ./trivy image --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
 cache:
 paths:
 - .trivycache/
-- 2.49.1
From 08506cc1b6a53e040c192d896bbf23b25d7a1e19 Mon Sep 17 00:00:00 2001
From: Evan Richardson
Date: Wed, 5 May 2021 00:25:09 +0000
Subject: [PATCH 5/7] Update .gitlab-ci.yml
---
 .gitlab-ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1001d45..6564e11 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
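Review bot: `- branches` makes the `- master` entry above it redundant, since `branches` already matches master, and the trailing `# or the name of your main branch` comment now describes a rule the job no longer has. If every branch should be analysed, drop `- master` and the comment; if the SonarQube credential is a protected CI variable, unprotected branches will not receive it and the job will simply fail there, with `allow_failure: true` hiding that — which of the two applies is not visible in this hunk, so check before widening. `only:`/`except:` is also the legacy syntax; `rules:` with `- if: $CI_COMMIT_BRANCH` expresses branch pipelines in the supported form.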
@@ -127,11 +127,11 @@ trivy:
 # Build image
 - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
 # Build report
- - ./trivy image --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+ - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
 # Print report
- - ./trivy image --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+ - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
 # Fail on severe vulnerabilities
- - ./trivy image --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+ - ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
 cache:
 paths:
 - .trivycache/
-- 2.49.1
From b4a2a0b836699b9a5a540c7d2ebd8b01e7e8f389 Mon Sep 17 00:00:00 2001
From: Evan Richardson
Date: Wed, 5 May 2021 00:28:50 +0000
Subject: [PATCH 6/7] Update .gitlab-ci.yml
---
 .gitlab-ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6564e11..14b5598 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -127,9 +127,9 @@ trivy:
 # Build image
 - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
 # Build report
- - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+ - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json image python:3.4-alpine
 # Print report
- - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+ - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH image python:3.4-alpine
 # Fail on severe vulnerabilities
 - ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
 cache:
-- 2.49.1
From 57780732e408fcb6db7a8596252a040f731b8988 Mon Sep 17 00:00:00 2001
From: Evan Richardson
Date: Wed, 5 May 2021 00:33:12 +0000
Subject: [PATCH 7/7] Update .gitlab-ci.yml
---
 .gitlab-ci.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 14b5598..e09f074 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -115,7 +115,6 @@ sonarqube-check:
 trivy:
 stage: test
- image: docker:stable
 extends:
 - .docker_base
 before_script:
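Review bot: With `image: docker:stable` gone, the job runs in whatever image `.docker_base` supplies, which is not visible in this hunk, yet `before_script` still needs `wget` and `tar` and the later `script` needs the `docker` CLI from that image. A comment on `extends:` such as `# image comes from .docker_base; before_script needs wget and tar, script needs the docker CLI` would record that dependency where the next reader looks for it. The `trivy` job continues past the end of this hunk.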
@@ -127,9 +126,9 @@ trivy:
 # Build image
 - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
 # Build report
- - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json image python:3.4-alpine
+ - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
 # Print report
- - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH image python:3.4-alpine
+ - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
 # Fail on severe vulnerabilities
 - ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
 cache:
-- 2.49.1