Commit 4cec06bb authored by Bertrand Goareguer's avatar Bertrand Goareguer Committed by Pierre Smeyers

fix(Trivy): prefix Trivy report name

parent e9439a23
...@@ -613,8 +613,8 @@ docker-trivy: ...@@ -613,8 +613,8 @@ docker-trivy:
trivy image --clear-cache trivy image --clear-cache
export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}} export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}}
export TRIVY_PASSWORD=${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}} export TRIVY_PASSWORD=${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}}
export FILENAME=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g') export FILENAME=trivy-$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
mkdir -p ./trivy mkdir -p ./reports
if [[ -z "${DOCKER_TRIVY_ADDR}" ]]; then if [[ -z "${DOCKER_TRIVY_ADDR}" ]]; then
log_warn "\\e[93mYou are using Trivy in standalone mode. To get faster scans, consider setting the DOCKER_TRIVY_ADDR variable to the address of a Trivy server. More info here: https://aquasecurity.github.io/trivy/latest/docs/references/modes/client-server/\\e[0m" log_warn "\\e[93mYou are using Trivy in standalone mode. To get faster scans, consider setting the DOCKER_TRIVY_ADDR variable to the address of a Trivy server. More info here: https://aquasecurity.github.io/trivy/latest/docs/references/modes/client-server/\\e[0m"
trivy image --download-db-only trivy image --download-db-only
...@@ -626,15 +626,15 @@ docker-trivy: ...@@ -626,15 +626,15 @@ docker-trivy:
# Add common trivy arguments # Add common trivy arguments
export trivy_opts="${trivy_opts} --severity ${DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD} --vuln-type os ${DOCKER_TRIVY_ARGS}" export trivy_opts="${trivy_opts} --severity ${DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD} --vuln-type os ${DOCKER_TRIVY_ARGS}"
# the first execution of Trivy should never fail, otherwise the other executions won't be run (so --exit-code=0) # the first execution of Trivy should never fail, otherwise the other executions won't be run (so --exit-code=0)
trivy ${trivy_opts} --format template --template @/contrib/junit.tpl --output ./trivy/${FILENAME}.xml --exit-code 0 $DOCKER_SNAPSHOT_IMAGE trivy ${trivy_opts} --format template --template @/contrib/junit.tpl --output ./reports/${FILENAME}.xml --exit-code 0 $DOCKER_SNAPSHOT_IMAGE
trivy ${trivy_opts} --format json --output ./trivy/${FILENAME}.json --exit-code 0 $DOCKER_SNAPSHOT_IMAGE trivy ${trivy_opts} --format json --output ./reports/${FILENAME}.json --exit-code 0 $DOCKER_SNAPSHOT_IMAGE
trivy ${trivy_opts} --format table --exit-code 1 $DOCKER_SNAPSHOT_IMAGE trivy ${trivy_opts} --format table --exit-code 1 $DOCKER_SNAPSHOT_IMAGE
artifacts: artifacts:
when: always when: always
paths: paths:
- trivy/ - reports/
reports: reports:
junit: "trivy/*.xml" junit: "reports/*.xml"
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
......
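Review bot: The `junit: "reports/*.xml"` glob in the artifacts block is wider than the `trivy-` prefix this commit introduces, so any other XML file that lands in the now-generic `reports/` directory would be parsed as a JUnit report; `junit: "reports/trivy-*.xml"` keeps it scoped to Trivy output. In the script, `--output ./reports/${FILENAME}.xml` and `$DOCKER_SNAPSHOT_IMAGE` are expanded unquoted, and `FILENAME` is only sanitised for `/` and `:`, so whitespace or glob characters in the image variable would split into extra trivy arguments; quoting both (`--output "./reports/${FILENAME}.xml"`, `"$DOCKER_SNAPSHOT_IMAGE"`) avoids that. The page prints old and new text side by side without markers, so this note treats the right-hand copy as the new side; the docker-trivy job starts before and continues past the two hunks shown.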