From b89f06e5c5786461ce225e13d07b33b0d3f1cd4d Mon Sep 17 00:00:00 2001
From: Bertrand Goareguer <bertrand.goareguer@gmail.com>
Date: Fri, 6 Oct 2023 15:33:22 +0000
Subject: [PATCH] fix(trivy): fail when scanning an image that has reached EOL

---
 templates/gitlab-ci-docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index b122d70..3180516 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -83,7 +83,7 @@ variables:
 
   DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
   DOCKER_TRIVY_IMAGE: "registry.hub.docker.com/aquasec/trivy:latest"
-  DOCKER_TRIVY_ARGS: "--ignore-unfixed --vuln-type os"
+  DOCKER_TRIVY_ARGS: "--ignore-unfixed --vuln-type os --exit-on-eol 1"
 
   # SBOM genenration image and arguments
   DOCKER_SBOM_IMAGE: "registry.hub.docker.com/anchore/syft:debug"
-- 
GitLab