From d2ac295a76106051d6d434a73a76fefd4548de94 Mon Sep 17 00:00:00 2001
From: Fabian Widmann <fabian.widmann@exxcellent.de>
Date: Mon, 5 Jul 2021 07:45:28 +0000
Subject: [PATCH] Feat/cve scan add cachedir and junit report

---
 container-scan.yml | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/container-scan.yml b/container-scan.yml
index df6734a..b457a9b 100644
--- a/container-scan.yml
+++ b/container-scan.yml
@@ -3,16 +3,23 @@
   stage: test
   variables:
     TRIVY_VERSION: 0.18.3
-    EXITCODE_ON_HIGH: 1 
-    EXITCODE_ON_CRITICAL: 1 
+    EXITCODE_ON_HIGH: 1
+    EXITCODE_ON_CRITICAL: 1
   before_script:
     - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"  --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
     - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
   script:
     - mvn $MAVEN_CLI_OPTS compile jib:buildTar -DskipTests
-    - ./trivy --exit-code $EXITCODE_ON_HIGH --severity HIGH --no-progress --auto-refresh --input target/jib-image.tar
-    - ./trivy --exit-code $EXITCODE_ON_CRITICAL --severity CRITICAL --no-progress --auto-refresh --input target/jib-image.tar
- 
+    - ./trivy --cache-dir .trivycache/ --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/junit.tpl" -o junit-report.xml --input target/jib-image.tar
+    - ./trivy --cache-dir .trivycache/ --exit-code $EXITCODE_ON_HIGH --severity HIGH --no-progress --auto-refresh --input target/jib-image.tar
+    - ./trivy --cache-dir .trivycache/ --exit-code $EXITCODE_ON_CRITICAL --severity CRITICAL --no-progress --auto-refresh --input target/jib-image.tar
+  cache:
+    paths:
+      - .trivycache/
+  artifacts:
+    reports:
+      junit: junit-report.xml
+
 .scan-container-kaniko:
   stage: test
   image:
@@ -23,12 +30,19 @@
     PROJECT_DIR: $CI_PROJECT_DIR
     DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile
     CONTEXT_LOCATION: $CI_PROJECT_DIR
-    EXITCODE_ON_HIGH: 1 
-    EXITCODE_ON_CRITICAL: 1 
+    EXITCODE_ON_HIGH: 1
+    EXITCODE_ON_CRITICAL: 1
   before_script:
     - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
     - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
   script:
     - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --cache-dir cache/image --tarPath  image.tar --no-push --destination image
-    - ./trivy --exit-code $EXITCODE_ON_HIGH --severity HIGH --no-progress --auto-refresh --input image.tar
-    - ./trivy --exit-code $EXITCODE_ON_CRITICAL  --severity CRITICAL --no-progress --auto-refresh --input image.tar
+    - ./trivy --cache-dir .trivycache/ --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/junit.tpl" -o junit-report.xml --input image.tar
+    - ./trivy --cache-dir .trivycache/ --exit-code $EXITCODE_ON_HIGH --severity HIGH --no-progress --auto-refresh --input image.tar
+    - ./trivy --cache-dir .trivycache/ --exit-code $EXITCODE_ON_CRITICAL  --severity CRITICAL --no-progress --auto-refresh --input image.tar
+  cache:
+    paths:
+      - .trivycache/
+  artifacts:
+    reports:
+      junit: junit-report.xml