= Repo CVE Scan

This template uses Trivy to scan your repository for CVEs, configuration problems, and secrets.

.Variables
|===
|Name |Description |Default Value

|EXITCODE
|Exit code Trivy uses when it finds a CVE of the High category. With `0`, the CI job does not fail when CVEs are found. Consider using `allow_failure: true` instead of `0`: the CI then shows an error but does not fail.
|1

|TRIVY_EXTRA_ARGS
|Extra arguments to pass to Trivy.
|--no-progress --ignore-unfixed --severity HIGH,CRITICAL

|TRIVY_CKECKS
|Configures which checks are executed on your repository.
|"vuln,config,secret"

|SCAN_PATH
|Path that Trivy scans for security errors.
|$CI_PROJECT_DIR
|===

:template: static-analysis/repo-cve-scan-trivy.gitlab-ci.yml
include::../../../template-printer.adoc[]