erichardson/py-eagle-mqtt
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Packages Projects Releases 11 Wiki Activity

Add Trivy scanner stage #4

Merged
erichardson merged 7 commits from add-trivy-scanner into master 2021-05-09 02:37:52 +00:00
Conversation 9 Commits 7 Files Changed 1 +4 -3
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit bfba87852b - Show all commits

7
.gitlab-ci.yml
View File

@@ -111,6 +111,7 @@ sonarqube-check:
allow_failure: true allow_failure: true
only: only:
- master # or the name of your main branch - master # or the name of your main branch
- branches
trivy: trivy:
stage: test stage: test
@@ -126,11 +127,11 @@ trivy:
# Build image # Build image
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/ - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
# Build report # Build report
- ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA - ./trivy image --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
# Print report # Print report
- ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA - ./trivy image --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
# Fail on severe vulnerabilities # Fail on severe vulnerabilities
- ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA - ./trivy image --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/