= Container CVE Scanner

Uses Trivy to scan for CVE problems within your image.
Needs a built container at the path `image.tar`.
Use one of the container build templates for this.

.NPM
[NOTE]
====
Trivy cannot find CVEs within frontend containers that do not have a dependency lock file.
This file should not be part of the image.
We provide an additional static CVE-Analyser-Template that can find these CVEs within your repo.

We also have the https://gitlab.exxcellent.de/gilden/ci/security-scanner/security-scanner[Security-Scanner] if you have more than one image to scan.
====

.Variables
|===
|Name |Description |Default Value

|EXITCODE
|Defines the exit code Trivy uses when finding a CVE of the High category.
When set to 0, the CI will not exit when finding CVEs.
Please consider using `allow_failure: true` instead of 0.
The CI will show you an error but not fail.
|1

|TRIVY_EXTRA_ARGS
|Extra arguments to pass to Trivy
|Please see Template
|===

:template: container/container-scan.gitlab-ci.yml
include::../../../template-printer.adoc[]
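
The following job is an added sketch, not the content of this template, showing why `allow_failure: true` is preferable to `EXITCODE: 0`: the scan still exits non-zero and is flagged in the pipeline, but later stages keep running. The job name, stage, image and severity filter are assumptions made for the illustration; `EXITCODE`, `TRIVY_EXTRA_ARGS` and `image.tar` are the names documented on this page.

```yaml
# Hypothetical stand-alone job; the real template may differ.
# Assumes an earlier job has published image.tar as an artifact.
container_scan_example:
  stage: test
  image:
    name: aquasec/trivy:latest   # assumption: public Trivy image
    entrypoint: [""]             # let GitLab run the script lines in a shell
  variables:
    # Keep the non-zero exit code so findings are never silently ignored.
    # Setting this to "0" would make the job green even with High findings.
    EXITCODE: "1"
    TRIVY_EXTRA_ARGS: ""
  script:
    # --input scans a saved image tarball instead of pulling from a registry.
    # --severity is an assumed filter matching the "High category" wording.
    - >
      trivy image
      --input image.tar
      --severity HIGH,CRITICAL
      --exit-code "$EXITCODE"
      $TRIVY_EXTRA_ARGS
  # The job is marked with a warning when CVEs are found,
  # but the pipeline continues and the report stays visible.
  allow_failure: true
```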