:sourcedir: ../../../../templates/

= Container CVE Scanner

Uses Trivy to scan for CVEs within your image.
Needs a built container at the path `image.tar`.
Use one of the container build templates for this.

====
NOTE: For NPM, Trivy cannot find CVEs within frontend containers that do not have a dependency lock file.
This file should not be part of the image.
We provide an additional static CVE-Analyser-Template that can find these CVEs within your repo.
We also have the https://gitlab.exxcellent.de/gilden/ci/security-scanner/security-scanner[Security-Scanner] if you have more than one image to scan.
====

.Variables
|===
|Name |Description |Default Value

|EXITCODE
|Define the exit code Trivy uses when it finds a CVE of the High category.
When set to 0, the CI will not fail when CVEs are found.
Please consider using `allow_failure: true` instead of 0. The CI will show you an error but not fail.
|1

|TRIVY_EXTRA_ARGS
|Extra arguments to pass to Trivy
|Please see the template
|===

.container scan template
[source,yaml]
----
include::{sourcedir}container/container-scan.gitlab-ci.yml[]
----