From cd2549891a26384f1ebd1773af0d1a5a2ed0f8a7 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Mon, 28 Jun 2021 10:52:26 +0200 Subject: [PATCH 01/13] refactor(Container) Rename all Container related stuff from image suffix to container prefix --- publish-image.yml => container-publish.yml | 0 documentation/chapters/generalInformation.adoc | 2 +- .../templates/{publish-image.adoc => container-publish.adoc} | 2 +- documentation/document.adoc | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename publish-image.yml => container-publish.yml (100%) rename documentation/chapters/templates/{publish-image.adoc => container-publish.adoc} (90%) diff --git a/publish-image.yml b/container-publish.yml similarity index 100% rename from publish-image.yml rename to container-publish.yml diff --git a/documentation/chapters/generalInformation.adoc b/documentation/chapters/generalInformation.adoc index 2b47efc..1369924 100644 --- a/documentation/chapters/generalInformation.adoc +++ b/documentation/chapters/generalInformation.adoc @@ -23,7 +23,7 @@ include: - 'npm-dependencies-template.yml' - 'npm-lint-template.yml' - 'npm-test-template.yml' - - 'publish-image.yml' + - 'container-publish.yml' - 'set-version-template.yml' - 'sonar-template.yml' diff --git a/documentation/chapters/templates/publish-image.adoc b/documentation/chapters/templates/container-publish.adoc similarity index 90% rename from documentation/chapters/templates/publish-image.adoc rename to documentation/chapters/templates/container-publish.adoc index 2c2fa41..f0d261a 100644 --- a/documentation/chapters/templates/publish-image.adoc +++ b/documentation/chapters/templates/container-publish.adoc @@ -14,5 +14,5 @@ Falls das Projekt aus mehreren Poms besteht, kann `bevor_script:` benutzt werden .sonar-template ---- -include::{sourcedir}/publish-image.yml[] +include::{sourcedir}/container-publish.yml[] ---- \ No newline at end of file 
diff --git a/documentation/document.adoc b/documentation/document.adoc index 65a24ae..88bcacb 100644 --- a/documentation/document.adoc +++ b/documentation/document.adoc @@ -37,7 +37,7 @@ include::chapters/generalInformation.adoc[leveloffset=1] == Misc Templates include::chapters/templates/sonar-template.adoc[leveloffset=1] -include::chapters/templates/publish-image.adoc[leveloffset=1] +include::chapters/templates/container-publish.adoc[leveloffset=1] == NPM Templates From 146ff9b89e5623559498f5a6181608233a684adb Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Mon, 28 Jun 2021 10:52:41 +0200 Subject: [PATCH 02/13] feat(Container) add container scan template --- container-scan.yml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 container-scan.yml diff --git a/container-scan.yml b/container-scan.yml new file mode 100644 index 0000000..fde0286 --- /dev/null +++ b/container-scan.yml 
@@ -0,0 +1,33 @@ +.publish-image-jib: + image: $MAVEN_IMAGE + stage: test + variables: + TRIVY_VERSION: 0.18.3 + PROJECT_DIR: $CI_PROJECT_DIR + DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile + CONTEXT_LOCATION: $CI_PROJECT_DIR + before_script: + - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" + - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz + script: + - mvn $MAVEN_CLI_OPTS compile jib:buildTar -DskipTests + - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh --input target/jib-image.tar + - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh --input target/jib-image.tar + +.check-kani: + stage: test + image: + name: gcr.io/kaniko-project/executor:debug + entrypoint: [ "" ] + variables: + TRIVY_VERSION: 0.18.3 + PROJECT_DIR: $CI_PROJECT_DIR + DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile + CONTEXT_LOCATION: $CI_PROJECT_DIR + before_script: + - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" + - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz + script: + - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --cache-dir cache/image --tarPath image.tar --no-push --destination image + - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh --input image.tar + - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh --input image.tar \ No newline at end of file From 2162e372de8dee4fe1c2b03a43f8c78d8774a87f Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Mon, 28 Jun 2021 10:55:41 +0200 Subject: [PATCH 03/13] feat(Container) rename to scan container kaniko/jib --- container-scan.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/container-scan.yml b/container-scan.yml index fde0286..3f622fd 100644 --- a/container-scan.yml +++ b/container-scan.yml 
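Review bot: Both `before_script` blocks unpack and then run the downloaded Trivy binary without verifying it, so the tool that gates the pipeline is trusted on the strength of the download alone. Pinning `TRIVY_VERSION` fixes the version but not the content. Add a pinned digest and check it before the `tar` line, for example `- echo "${TRIVY_SHA256}  trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | sha256sum -c -`, where `TRIVY_SHA256` is a new variable holding the value from the release's published checksums. This applies to `.publish-image-jib` and `.check-kani` alike; confirm that `sha256sum` is available in both job images.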
@@ -1,4 +1,4 @@ -.publish-image-jib: +.scan-container-jib: image: $MAVEN_IMAGE stage: test variables: @@ -14,7 +14,7 @@ - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh --input target/jib-image.tar - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh --input target/jib-image.tar -.check-kani: +.scan-container-kaniko: stage: test image: name: gcr.io/kaniko-project/executor:debug From b527942602c2b097cf06fceb8ab14ef2136f66e2 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Mon, 28 Jun 2021 13:04:20 +0200 Subject: [PATCH 04/13] feat(Container) use curl instead of wget in maven --- container-scan.yml | 2 +- documentation/chapters/generalInformation.adoc | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/container-scan.yml b/container-scan.yml index 3f622fd..f3eacc8 100644 --- a/container-scan.yml +++ b/container-scan.yml @@ -25,7 +25,7 @@ DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile CONTEXT_LOCATION: $CI_PROJECT_DIR before_script: - - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" + - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz script: - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --cache-dir cache/image --tarPath image.tar --no-push --destination image diff --git a/documentation/chapters/generalInformation.adoc b/documentation/chapters/generalInformation.adoc index 1369924..24fb4c7 100644 --- a/documentation/chapters/generalInformation.adoc +++ b/documentation/chapters/generalInformation.adoc @@ -24,6 +24,7 @@ include: - 'npm-lint-template.yml' - 'npm-test-template.yml' - 'container-publish.yml' + - 'container-scan.yml' - 'set-version-template.yml' - 'sonar-template.yml' 
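Review bot: The `curl -L … --output` line added in the `@@ -25,7 +25,7 @@` hunk has no `--fail`, so an HTTP error body is saved under the `.tar.gz` name and curl still exits 0. The job then stops only at `tar`, with a message that points at the archive rather than the download. Use `curl -fL "…" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz` so a failed download fails at the download step. The same line is added to the jib job in the `@@ -7,7 +7,7 @@` hunk of PATCH 05/13. The job definition starts outside this hunk.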
From 4c4e7a202666908231c570f09897617207c7417d Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Mon, 28 Jun 2021 13:14:51 +0200 Subject: [PATCH 05/13] feat(Container) correct last wget and curl. --- container-scan.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/container-scan.yml b/container-scan.yml index f3eacc8..244f3dc 100644 --- a/container-scan.yml +++ b/container-scan.yml @@ -7,7 +7,7 @@ DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile CONTEXT_LOCATION: $CI_PROJECT_DIR before_script: - - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" + - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz script: - mvn $MAVEN_CLI_OPTS compile jib:buildTar -DskipTests @@ -25,7 +25,7 @@ DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile CONTEXT_LOCATION: $CI_PROJECT_DIR before_script: - - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz + - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz script: - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --cache-dir cache/image --tarPath image.tar --no-push --destination image From cac068d7c82447697790a0691569eb15be392e36 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Tue, 29 Jun 2021 08:16:44 +0000 Subject: [PATCH 06/13] Update container-publish.yml --- container-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/container-publish.yml b/container-publish.yml index 5abb8a8..cb09eb4 100644 --- a/container-publish.yml +++ b/container-publish.yml 
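Review bot: After this commit the jib job downloads with `curl` and the kaniko job with `wget`, and nothing in the file says why the two differ. A comment above each download line would keep a later edit from unifying them again, e.g. `# MAVEN_IMAGE provides curl, not wget` in the `@@ -7,7 +7,7 @@` hunk and `# kaniko debug image provides wget, not curl` in the `@@ -25,7 +25,7 @@` hunk. The reason is inferred from the subjects of PATCH 04 and 05, so confirm it against the images. Both job definitions extend beyond the hunks.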
@@ -1,8 +1,8 @@ .publish-image-jib: image: $MAVEN_IMAGE stage: package - only: - - tags + rules: + - if: $CI_COMMIT_TAG variables: MVN_VERSION: "true" script: From 2e0fa76f413c8c35404bcad6e274fe1109d04301 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Tue, 29 Jun 2021 08:49:03 +0000 Subject: [PATCH 07/13] feat(Container Scan) Make exit code variable --- container-scan.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/container-scan.yml b/container-scan.yml index 244f3dc..4c246e8 100644 --- a/container-scan.yml +++ b/container-scan.yml @@ -6,14 +6,16 @@ PROJECT_DIR: $CI_PROJECT_DIR DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile CONTEXT_LOCATION: $CI_PROJECT_DIR + EXITCODE_ON_HIGH: 1 + EXITCODE_ON_CRITICAL: 1 before_script: - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz script: - mvn $MAVEN_CLI_OPTS compile jib:buildTar -DskipTests - - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh --input target/jib-image.tar - - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh --input target/jib-image.tar - + - ./trivy --exit-code $EXITCODE_ON_HIGH --severity HIGH --no-progress --auto-refresh --input target/jib-image.tar + - ./trivy --exit-code $EXITCODE_ON_CRITICAL --severity CRITICAL --no-progress --auto-refresh --input target/jib-image.tar + .scan-container-kaniko: stage: test image: 
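Review bot: `rules: - if: $CI_COMMIT_TAG` runs the publish job for every tag, which includes tags created by anyone with push rights when the consuming project does not protect its tags. Because this job pushes an image to the registry, consider also requiring a protected ref: `- if: $CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"`. If unprotected tags are meant to publish, a comment on the rule saying so would record the decision. The job body continues past the hunk.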
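Review bot: With both defaults set to 1, a HIGH finding ends the job at the first `./trivy` line, so the CRITICAL scan never runs and its findings are missing from the job log. Either report both severities first and gate afterwards (`./trivy --exit-code 0 --severity HIGH,CRITICAL …` ahead of the two gating calls) or document that the HIGH gate hides the CRITICAL result. The expansions are also unquoted, so an override with an empty value makes `--severity` the argument of `--exit-code`; `--exit-code "${EXITCODE_ON_HIGH:-1}"` keeps the gate closed in that case. Note that the default for HIGH changes from 0 to 1, which the commit subject does not mention. The same applies to the kaniko job in the `@@ -24,10 +26,12 @@` hunk.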
@@ -24,10 +26,12 @@ PROJECT_DIR: $CI_PROJECT_DIR DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile CONTEXT_LOCATION: $CI_PROJECT_DIR + EXITCODE_ON_HIGH: 1 + EXITCODE_ON_CRITICAL: 1 before_script: - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz script: - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --cache-dir cache/image --tarPath image.tar --no-push --destination image - - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh --input image.tar - - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh --input image.tar \ No newline at end of file + - ./trivy --exit-code $EXITCODE_ON_HIGH --severity HIGH --no-progress --auto-refresh --input image.tar + - ./trivy --exit-code $EXITCODE_ON_CRITICAL --severity CRITICAL --no-progress --auto-refresh --input image.tar From 1b3a5854d54178ff33b48fed2b2fb7ff285aeeba Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Tue, 29 Jun 2021 17:09:35 +0200 Subject: [PATCH 08/13] refactor(*) add Sonar lint to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 0a16fa7..e095c17 100644 --- a/.gitignore +++ b/.gitignore @@ -72,3 +72,4 @@ fabric.properties # Android studio 3.1+ serialized cache file .idea/caches/build_file_checksums.ser +/.idea/sonarlint/ From f92490d01aa319572ba26df2333d100d2e923a58 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Tue, 29 Jun 2021 17:10:01 +0200 Subject: [PATCH 09/13] refactor(*) remove files from Sonar lint --- .../issuestore/2/e/2eef21b10116aab77b6b014cb5adf007d2d2e128 | 0 .idea/sonarlint/issuestore/index.pb | 3 --- 2 files changed, 3 deletions(-) delete mode 100644 .idea/sonarlint/issuestore/2/e/2eef21b10116aab77b6b014cb5adf007d2d2e128 delete mode 100644 .idea/sonarlint/issuestore/index.pb 
diff --git a/.idea/sonarlint/issuestore/2/e/2eef21b10116aab77b6b014cb5adf007d2d2e128 b/.idea/sonarlint/issuestore/2/e/2eef21b10116aab77b6b014cb5adf007d2d2e128 deleted file mode 100644 index e69de29..0000000 diff --git a/.idea/sonarlint/issuestore/index.pb b/.idea/sonarlint/issuestore/index.pb deleted file mode 100644 index 201e7fb..0000000 --- a/.idea/sonarlint/issuestore/index.pb +++ /dev/null @@ -1,3 +0,0 @@ - -A -publish-image.yml,2/e/2eef21b10116aab77b6b014cb5adf007d2d2e128 \ No newline at end of file From 98a2292a753b35ddb31cc2b2212c762d2a020df7 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Tue, 29 Jun 2021 17:10:22 +0200 Subject: [PATCH 10/13] refactor(*) cleanup Sonar Template doc that is now in own repo --- .../chapters/templates/sonar-template.adoc | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 documentation/chapters/templates/sonar-template.adoc diff --git a/documentation/chapters/templates/sonar-template.adoc b/documentation/chapters/templates/sonar-template.adoc deleted file mode 100644 index dd5e6d7..0000000 --- a/documentation/chapters/templates/sonar-template.adoc +++ /dev/null @@ -1,17 +0,0 @@ -:sourcedir: ../../../ - -= sonar-template - -Ruft den Sonar Job für das Projekt auf. -Mehr Details zu finden hier: https://gitlab.exxcellent.de/gilden/ci/exxcellent-sonar-tool[Gilde CI/CD: exxcellent-sonar-tool]. - -.Variables -|=== -|Name |Description | Default Value -|SONAR_PROJECT_KEY | Der Sonar-Projekt-Key. | "" -|=== - -.sonar-template ----- -include::{sourcedir}/sonar-template.yml[] ----- \ No newline at end of file From 66dcfe8579fccef11ef7fffb16a2c01a7bff6d29 Mon Sep 17 00:00:00 2001 
From: Marcel Feix Date: Tue, 29 Jun 2021 17:11:29 +0200 Subject: [PATCH 11/13] docs(Container) Add Container Documentation for Scan and corrected Publish Docs --- container-scan.yml | 3 --- .../chapters/templates/container-publish.adoc | 4 ++-- .../chapters/templates/container-scan.adoc | 23 +++++++++++++++++++ documentation/document.adoc | 8 +++++-- 4 files changed, 31 insertions(+), 7 deletions(-) create mode 100644 documentation/chapters/templates/container-scan.adoc diff --git a/container-scan.yml b/container-scan.yml index 4c246e8..df6734a 100644 --- a/container-scan.yml +++ b/container-scan.yml @@ -3,9 +3,6 @@ stage: test variables: TRIVY_VERSION: 0.18.3 - PROJECT_DIR: $CI_PROJECT_DIR - DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile - CONTEXT_LOCATION: $CI_PROJECT_DIR EXITCODE_ON_HIGH: 1 EXITCODE_ON_CRITICAL: 1 before_script: diff --git a/documentation/chapters/templates/container-publish.adoc b/documentation/chapters/templates/container-publish.adoc index f0d261a..27db2e7 100644 --- a/documentation/chapters/templates/container-publish.adoc +++ b/documentation/chapters/templates/container-publish.adoc @@ -1,8 +1,8 @@ :sourcedir: ../../../ -= Publish-Image-jib += Container-Publish -Baut mithilfe von jib ein Docker Image und läd es in der Docker Registry des Projekt hoch. +Baut mithilfe von jib oder kaniko ein Docker Image und läd das Image in der Docker Registry des Projekts hoch. Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird. .Variables diff --git a/documentation/chapters/templates/container-scan.adoc b/documentation/chapters/templates/container-scan.adoc new file mode 100644 index 0000000..1a200b0 --- /dev/null +++ b/documentation/chapters/templates/container-scan.adoc 
@@ -0,0 +1,23 @@ +:sourcedir: ../../../ + += Container-Scan + +Scanned ein Container Baut mithilfe von jib oder kaniko ein Container ein Docker Image und läd es in der Docker Registry des Projekt hoch. +Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird. + +.Variables +|=== +|Name |Description | Default Value +|TRIVY_VERSION | Version von Trivy die benutzt werden soll. +|EXITCODE_ON_HIGH | Bestimmt den Exit code der ausgegeben werden soll, wenn ein CVE der als HIGH markiert wurde, gefunden werden konnte. +Wenn 0 benutzt wird, läuft die CI weiter. +Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angezeigt wird. +|EXITCODE_ON_CRITICAL | Bestimmt den Exit code der ausgegeben werden soll, wenn ein CVE der als CRITICAL markiert wurde, gefunden werden konnte. +Wenn 0 benutzt wird, läuft die CI weiter. +Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angezeigt wird. +|=== + +.sonar-template +---- +include::{sourcedir}/container-scan.yml[] +---- \ No newline at end of file diff --git a/documentation/document.adoc b/documentation/document.adoc index 88bcacb..c783dfb 100644 --- a/documentation/document.adoc +++ b/documentation/document.adoc @@ -36,8 +36,8 @@ include::chapters/generalInformation.adoc[leveloffset=1] == Misc Templates -include::chapters/templates/sonar-template.adoc[leveloffset=1] include::chapters/templates/container-publish.adoc[leveloffset=1] +include::chapters/templates/container-scan.adoc[leveloffset=1] == NPM Templates 
@@ -50,4 +50,8 @@ include::chapters/templates/npm-test-template.adoc[leveloffset=1] include::chapters/templates/maven-dependencies-template.adoc[leveloffset=1] include::chapters/templates/maven-build-template.adoc[leveloffset=1] -include::chapters/templates/maven-verify-template.adoc[leveloffset=1] \ No newline at end of file +include::chapters/templates/maven-verify-template.adoc[leveloffset=1] + +== Tools + +Weitere Templates für die Tools der CI Gilde, sind in den jeweiligen Repos zu finden. \ No newline at end of file From 92eef1b7a96c9bc80d7e2b2f0914d27b4f65848c Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Thu, 1 Jul 2021 12:48:49 +0000 Subject: [PATCH 12/13] Add docker variables to jib build --- container-publish.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/container-publish.yml b/container-publish.yml index cb09eb4..51d1b55 100644 --- a/container-publish.yml +++ b/container-publish.yml @@ -4,6 +4,9 @@ rules: - if: $CI_COMMIT_TAG variables: + DOCKER_REGISTRY: $CI_REGISTRY + DOCKER_REGISTRY_USER: $CI_REGISTRY_USER + DOCKER_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD MVN_VERSION: "true" script: - export PARSED_VERSION=$(echo $CI_COMMIT_TAG | sed -r 's/\+/_/g') # Replace + sign since this is not valid in a docker tag @@ -14,8 +17,9 @@ fi - mvn $MAVEN_CLI_OPTS compile jib:build "-DskipTests" - "-Djib.to.auth.username=$CI_REGISTRY_USER" - "-Djib.to.auth.password=$CI_REGISTRY_PASSWORD" + "-Djib.to.image=$DOCKER_REGISTRY:$PARSED_VERSION" + "-Djib.to.auth.username=$DOCKER_REGISTRY_USER" + "-Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD" .publish-image-kaniko: image: From ee4482d4ad2859d956d847d7f7e99acb75787488 Mon Sep 17 00:00:00 2001 
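Review bot: `DOCKER_REGISTRY: $CI_REGISTRY` defaults to the registry host only, yet the next hunk uses it as the image name in `-Djib.to.image=$DOCKER_REGISTRY:$PARSED_VERSION`. Unless a project overrides the variable, the target becomes `<registry-host>:<version>` with no project path, so the push either fails or lands somewhere unintended. `$CI_REGISTRY_IMAGE` is the predefined variable that carries the project's image path; consider `DOCKER_IMAGE: $CI_REGISTRY_IMAGE` and `"-Djib.to.image=$DOCKER_IMAGE:$PARSED_VERSION"`. The job definition starts and ends outside the hunk.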
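Review bot: `"-Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD"` in the `@@ -14,8 +17,9 @@` hunk puts the registry password on the `mvn` command line, where it is visible in the runner's process list. It may also show up in Maven debug output if `MAVEN_CLI_OPTS` enables that. The hunk only renames the variable; the pattern was already there with `$CI_REGISTRY_PASSWORD`. Since the line is being touched, consider supplying the credentials through a Maven `settings.xml` server entry that reads `${env.DOCKER_REGISTRY_PASSWORD}`, which keeps the secret out of argv. A comment noting that the variable must stay masked in project settings would help in either case.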
From: Marcel Feix Date: Fri, 2 Jul 2021 08:54:05 +0200 Subject: [PATCH 13/13] docs(Container) Small Corrections in the doc from merg requests feedback. --- .idea/gitlab-ci-templates.iml | 4 +++- documentation/chapters/templates/container-publish.adoc | 2 +- documentation/chapters/templates/container-scan.adoc | 3 +-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.idea/gitlab-ci-templates.iml b/.idea/gitlab-ci-templates.iml index d6ebd48..2576ae6 100644 --- a/.idea/gitlab-ci-templates.iml +++ b/.idea/gitlab-ci-templates.iml @@ -2,7 +2,9 @@ - + + + diff --git a/documentation/chapters/templates/container-publish.adoc b/documentation/chapters/templates/container-publish.adoc index 27db2e7..c90abce 100644 --- a/documentation/chapters/templates/container-publish.adoc +++ b/documentation/chapters/templates/container-publish.adoc @@ -9,7 +9,7 @@ Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird. |=== |Name |Description | Default Value |MVN_VERSION | Bestimmt, ob die version von MAVEN gesetzt werden soll. -Falls das Projekt aus mehreren Poms besteht, kann `bevor_script:` benutzt werden. | "true" +Falls das Projekt aus mehreren Poms besteht, kann `before_script:` benutzt werden. | "true" |=== .sonar-template diff --git a/documentation/chapters/templates/container-scan.adoc b/documentation/chapters/templates/container-scan.adoc index 1a200b0..2dc3a1d 100644 --- a/documentation/chapters/templates/container-scan.adoc +++ b/documentation/chapters/templates/container-scan.adoc 
@@ -2,8 +2,7 @@ = Container-Scan -Scanned ein Container Baut mithilfe von jib oder kaniko ein Container ein Docker Image und läd es in der Docker Registry des Projekt hoch. -Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird. +Baut ein Image mithilfe von jib oder Kaniko welches im Anschluss gescanned wird. Dieser Schritt wird ausgeführt, wenn ein Tag gesetzt wird. Die Ergebnisse des Scans können genutzt werden den Build failen zu lassen, falls gewünscht (vgl. `EXITCODE_ON_HIGH` und `EXITCODE_ON_CRITICAL`). .Variables |===