diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml index 080a7b2a01613b8724d32c19271ebce1e577b58c..09be75af9f08d9a1b874a4d7272a8a2da2de7d12 100644 --- a/templates/gitlab-ci-docker.yml +++ b/templates/gitlab-ci-docker.yml @@ -613,8 +613,8 @@ docker-trivy: trivy image --clear-cache export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}} export TRIVY_PASSWORD=${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}} - export FILENAME=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g') - mkdir -p ./trivy + export FILENAME=trivy-$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g') + mkdir -p ./reports if [[ -z "${DOCKER_TRIVY_ADDR}" ]]; then log_warn "\\e[93mYou are using Trivy in standalone mode. To get faster scans, consider setting the DOCKER_TRIVY_ADDR variable to the address of a Trivy server. More info here: https://aquasecurity.github.io/trivy/latest/docs/references/modes/client-server/\\e[0m" trivy image --download-db-only @@ -626,15 +626,15 @@ docker-trivy: # Add common trivy arguments export trivy_opts="${trivy_opts} --severity ${DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD} --vuln-type os ${DOCKER_TRIVY_ARGS}" # the first execution of Trivy should never fail, otherwise the other executions won't be run (so --exit-code=0) - trivy ${trivy_opts} --format template --template @/contrib/junit.tpl --output ./trivy/${FILENAME}.xml --exit-code 0 $DOCKER_SNAPSHOT_IMAGE - trivy ${trivy_opts} --format json --output ./trivy/${FILENAME}.json --exit-code 0 $DOCKER_SNAPSHOT_IMAGE + trivy ${trivy_opts} --format template --template @/contrib/junit.tpl --output ./reports/${FILENAME}.xml --exit-code 0 $DOCKER_SNAPSHOT_IMAGE + trivy ${trivy_opts} --format json --output ./reports/${FILENAME}.json --exit-code 0 $DOCKER_SNAPSHOT_IMAGE trivy ${trivy_opts} --format table --exit-code 1 $DOCKER_SNAPSHOT_IMAGE artifacts: when: always paths: - - trivy/ + - reports/ reports: - junit: "trivy/*.xml" + junit: "reports/*.xml" cache: paths: - .trivycache/