paul/gilde-ci-cd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat(CVE-Scanner Repo): Add Repo scanner ci definition.

Browse Source
This commit is contained in:
Marcel Feix 2022-02-18 21:12:42 +01:00
parent 7d8cfe7173
commit bc31fc2156
No known key found for this signature in database
GPG Key ID: 04D016E104A25F03
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
repo-cve-scan.gitlab-ci.yml Normal file
View File

@ -0,0 +1,20 @@
.repo_cve_scan:
image:
name: docker.io/aquasec/trivy:0.23.0
entrypoint: [ "" ]
stage: test
needs: []
variables:
EXITCODE: 1
TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed --severity HIGH,CRITICAL"
SCAN_PATH: "."
cache:
paths:
- .trivycache/
artifacts:
reports:
junit: junit-report.xml
script:
# Builds report and puts it in the default workdir $CI_PROJECT_DIR, so artifacts: can take it from there
- trivy --cache-dir .trivycache/ fs --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --security-checks vuln,config --format template --format template --template "/contrib/junit.tpl" -o junit-report.xml $SCAN_PATH
- trivy --cache-dir .trivycache/ fs --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --security-checks vuln,config $SCAN_PATH