Commit 29a3173e authored by Bertrand Goareguer

fix: limit security reports access to developer role or higher

parent 0773bdd9
......@@ -284,7 +284,7 @@ FROM ubuntu
RUN cd /tmp && echo "hello!"
```
In addition to a textual report in the console, this job produces the following reports, kept for one day:
In addition to a textual report in the console, this job produces the following reports, kept for one day and only available for download by users with the Developer role or higher:
| Report | Format | Usage |
| -------------------------------------------- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
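Review bot: The reworded sentence still opens with "a textual report in the console", while the new clause restricts only the downloadable reports, so a reader can conclude that findings are hidden from users below Developer even though the job log still prints them. Consider stating that the restriction covers the artifact files only and that job log visibility is controlled separately by the project's settings.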
......@@ -420,7 +420,7 @@ It is bound to the `package-test` stage, and uses the following variables:
| `trivy-db-repository` / `DOCKER_TRIVY_DB_REPOSITORY` | OCI repository to retrieve Trivy Database from | _none_ (use Trivy default `ghcr.io/aquasecurity/trivy-db`) |
| `trivy-java-db-repository` / `DOCKER_TRIVY_JAVA_DB_REPOSITORY` | OCI repository to retrieve Trivy Java Database from | _none_ (use Trivy default `ghcr.io/aquasecurity/trivy-java-db:1`)\_ |
In addition to a textual report in the console, this job produces the following reports, kept for one day:
In addition to a textual report in the console, this job produces the following reports, kept for one day and only available for download by users with the Developer role or higher:
| Report | Format | Usage |
| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
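Review bot: The restriction is documented here as fixed behaviour, but the variables table just above lists no setting for it, so users who need a different access level have no documented path. Either say that the level is hard-coded and has to be changed by overriding `artifacts:access` in the including project, or expose it as an input next to `trivy-db-repository`.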
......
......@@ -775,6 +775,7 @@ docker-hadolint:
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
expire_in: 1 day
access: developer
when: always
reports:
codequality:
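Review bot: `access: developer` sits at the `artifacts` level, so it applies to the `reports: codequality` entry below it as well as to downloadable files, and the README only speaks of download. Please confirm how the code quality report is presented in merge requests to users below Developer after this change, and record the outcome in the README.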
......@@ -1007,6 +1008,7 @@ docker-trivy:
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
expire_in: 1 day
access: developer
when: always
paths:
- "reports/docker-trivy-*"
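Review bot: `access: developer` is added with no statement of the minimum GitLab version that understands this `artifacts` key, and the commit is labelled `fix:`, so it will reach consumers as a routine update. Instances that predate the keyword are likely to reject the `docker-trivy` job definition; add the required GitLab version to the README or the release notes.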
......