erichardson/py-eagle-mqtt
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Packages Projects Releases 11 Wiki Activity

Add Trivy scanner stage #4

Merged
erichardson merged 7 commits from add-trivy-scanner into master 2021-05-09 02:37:52 +00:00
Conversation 9 Commits 7 Files Changed 1 +2 -3
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 57780732e4 - Show all commits

5
.gitlab-ci.yml
View File

@@ -115,7 +115,6 @@ sonarqube-check:
trivy: trivy:
stage: test stage: test
image: docker:stable
extends: extends:
- .docker_base - .docker_base
before_script: before_script:
@@ -127,9 +126,9 @@ trivy:
# Build image # Build image
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/ - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
# Build report # Build report
- ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json image python:3.4-alpine - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
# Print report # Print report
- ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH image python:3.4-alpine - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
# Fail on severe vulnerabilities # Fail on severe vulnerabilities
- ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA - ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
cache: cache: