paul/gilde-ci-cd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat(container-scan): add extra args to kaniko container scan template

Browse Source
This commit is contained in:
Karina 2022-04-19 08:38:42 +02:00
parent 31a65f4333
commit 632744f14d
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
container-scan.gitlab-ci.yml
View File

@ -58,7 +58,7 @@
- wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
- tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
script:
- /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --cache-dir cache/image --tarPath image.tar --no-push --destination image --registry-mirror nexus.corp.exxcellent.de:18000 --skip-tls-verify-registry nexus.corp.exxcellent.de:18000 --skip-tls-verify
- /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION $KANIKO_EXTRA_ARGS --cache-dir cache/image --tarPath image.tar --no-push --destination image --registry-mirror nexus.corp.exxcellent.de:18000 --skip-tls-verify-registry nexus.corp.exxcellent.de:18000 --skip-tls-verify
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --severity HIGH,CRITICAL --format template --template "@contrib/junit.tpl" -o junit-report.xml --input image.tar
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --severity HIGH,CRITICAL --input image.tar
cache:

2
documentation/chapters/templates/container-scan.adoc
View File

@ -23,6 +23,8 @@ Wenn 0 benutzt wird, läuft die CI weiter.
Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angezeigt wird.
| -
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|KANIKO_EXTRA_ARGS | Extra Arguments for the build of the image with Kaniko | ""
|===
.container scan template