erichardson/py-eagle-mqtt
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Packages Projects Releases 11 Wiki Activity

Add Trivy scanner stage #4

Merged
erichardson merged 7 commits from add-trivy-scanner into master 2021-05-09 02:37:52 +00:00
Conversation 9 Commits 7 Files Changed 1 +2 -2
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit b4a2a0b836 - Show all commits

4
.gitlab-ci.yml
View File

@@ -127,9 +127,9 @@ trivy:
# Build image # Build image
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/ - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
# Build report # Build report
- ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json image python:3.4-alpine
# Print report # Print report
- ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH image python:3.4-alpine
# Fail on severe vulnerabilities # Fail on severe vulnerabilities
- ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA - ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
cache: cache: