34 lines
888 B
Plaintext
34 lines
888 B
Plaintext
:sourcedir: ../../../../templates/
|
|
|
|
= Repo CVE Scan
|
|
|
|
This template uses Trivy to scan for CVEs, Configuration Problems and Secrets within your Repository.
|
|
|
|
.Variables
|
|
|===
|
|
|Name |Description | Default Value
|
|
|EXITCODE
|
|
| Define the exit code Trivy uses when finding a CVE of the High category.
|
|
When using 0 the CI will run not exit when finding CVEs
|
|
Please consider using `allow_failure: true` instead of 0. The CI will show you an error but not fail.
|
|
| 1
|
|
|
|
|TRIVY_EXTRA_ARGS
|
|
| Extra arguments to pass to Trivy
|
|
| --no-progress --ignore-unfixed --severity HIGH,CRITICAL
|
|
|
|
| TRIVY_CKECKS
|
|
| Allows you to configure what checks will be executed on your Repository
|
|
| "vuln,config,secret"
|
|
|
|
| SCAN_PATH
|
|
| Path where Trivy should scan for security errors.
|
|
| $CI_PROJECT_DIR
|
|
|
|
|===
|
|
|
|
.Repo CVE scan template
|
|
[source,yaml]
|
|
----
|
|
include::{sourcedir}static-analysis/repo-cve-scan-trivy.gitlab-ci.yml[]
|
|
---- |