Commit c30bef46 authored by Pierre Smeyers

docs: add Trivy scan badges

parent 5c617369
...@@ -42,7 +42,7 @@ The Go template uses some global configuration used throughout all jobs. ...@@ -42,7 +42,7 @@ The Go template uses some global configuration used throughout all jobs.
| Input / Variable | Description | Default value | | Input / Variable | Description | Default value |
|------------------|------------------------------------------------------------------------------------------------------------|-----------------| |------------------|------------------------------------------------------------------------------------------------------------|-----------------|
| `image` / `GO_IMAGE` | The Docker image used to run Go for `go-build` <br/>:warning: **set the version required by your project** | `registry.hub.docker.com/library/golang:bookworm` | | `image` / `GO_IMAGE` | The Docker image used to run Go for `go-build` <br/>:warning: **set the version required by your project** | `registry.hub.docker.com/library/golang:bookworm` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-GO_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-GO_IMAGE) |
| `test-image` / `GO_TEST_IMAGE` | The Docker image used to run Go for `go-test` <br/>:warning: **set the version required by your project** | _none_ | | `test-image` / `GO_TEST_IMAGE` | The Docker image used to run Go for `go-test` <br/>:warning: **set the version required by your project** | _none_ |
| `project-dir` / `GO_PROJECT_DIR` | Go project root directory | `.` | | `project-dir` / `GO_PROJECT_DIR` | Go project root directory | `.` |
| `goproxy` / `GOPROXY` | URL of Go module proxy | _none_ | | `goproxy` / `GOPROXY` | URL of Go module proxy | _none_ |
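Review bot: The badge added to the `image` / `GO_IMAGE` row describes only the default `registry.hub.docker.com/library/golang:bookworm`, while the same row tells users to set the version required by their project. Consider a short sentence near the table saying the badge covers the default image only, so that an overridden `GO_IMAGE` is not read as scanned.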
...@@ -163,7 +163,7 @@ It is bound to the `build` stage, and uses the following variables: ...@@ -163,7 +163,7 @@ It is bound to the `build` stage, and uses the following variables:
| Input / Variable | Description | Default value | | Input / Variable | Description | Default value |
|-----------------------|----------------------------------------------------------------------------------------------------------|----------------------------------------| |-----------------------|----------------------------------------------------------------------------------------------------------|----------------------------------------|
| `ci-lint-image` / `GO_CI_LINT_IMAGE` | The Docker image used to run `golangci-lint` | `registry.hub.docker.com/golangci/golangci-lint:latest-alpine` | | `ci-lint-image` / `GO_CI_LINT_IMAGE` | The Docker image used to run `golangci-lint` | `registry.hub.docker.com/golangci/golangci-lint:latest-alpine` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-GO_CI_LINT_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-GO_CI_LINT_IMAGE) |
| `ci-lint-args` / `GO_CI_LINT_ARGS` | `golangci-lint` [command line arguments](https://github.com/golangci/golangci-lint#command-line-options) | `-E gosec,goimports ./...` | | `ci-lint-args` / `GO_CI_LINT_ARGS` | `golangci-lint` [command line arguments](https://github.com/golangci/golangci-lint#command-line-options) | `-E gosec,goimports ./...` |
| `ci-lint-disabled` / `GO_CI_LINT_DISABLED` | Set to `true` to disable this job | _none_ (enabled) | | `ci-lint-disabled` / `GO_CI_LINT_DISABLED` | Set to `true` to disable this job | _none_ (enabled) |
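Review bot: On the `ci-lint-image` row the badge sits next to a floating tag, `golangci-lint:latest-alpine`, so the image a job actually pulls can differ from the one the badge was produced for. Suggest stating which digest or scan date the badge reflects, or recommending in the description that users pin the tag.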
...@@ -183,7 +183,7 @@ It is bound to the `test` stage, and uses the following variables: ...@@ -183,7 +183,7 @@ It is bound to the `test` stage, and uses the following variables:
| Input / Variable | Description | Default Value | | Input / Variable | Description | Default Value |
| ---------------- | ----------- | ------------- | | ---------------- | ----------- | ------------- |
| `semgrep-disabled` / `GO_SEMGREP_DISABLED` | Set to `true` to disable this job | _none_ | | `semgrep-disabled` / `GO_SEMGREP_DISABLED` | Set to `true` to disable this job | _none_ |
| `semgrep-image` / `GO_SEMGREP_IMAGE` | The Docker image used to run [Semgrep](https://semgrep.dev/docs/) | `registry.hub.docker.com/semgrep/semgrep:latest` | | `semgrep-image` / `GO_SEMGREP_IMAGE` | The Docker image used to run [Semgrep](https://semgrep.dev/docs/) | `registry.hub.docker.com/semgrep/semgrep:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-GO_SEMGREP_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-GO_SEMGREP_IMAGE) |
| `semgrep-args` / `GO_SEMGREP_ARGS` | Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | `--metrics off --disable-version-check` | | `semgrep-args` / `GO_SEMGREP_ARGS` | Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | `--metrics off --disable-version-check` |
| `semgrep-rules` / `GO_SEMGREP_RULES` | Space-separated list of [Semgrep rules](https://semgrep.dev/docs/running-rules).<br/>Can be both local YAML files or remote rules from the [Segmrep Registry](https://semgrep.dev/explore) (denoted by the `p/` prefix). | `p/golang p/gosec` | | `semgrep-rules` / `GO_SEMGREP_RULES` | Space-separated list of [Semgrep rules](https://semgrep.dev/docs/running-rules).<br/>Can be both local YAML files or remote rules from the [Segmrep Registry](https://semgrep.dev/explore) (denoted by the `p/` prefix). | `p/golang p/gosec` |
| `semgrep-download-rules-enabled` / `GO_SEMGREP_DOWNLOAD_RULES_ENABLED` | Download Semgrep remote rules | `true` | | `semgrep-download-rules-enabled` / `GO_SEMGREP_DOWNLOAD_RULES_ENABLED` | Download Semgrep remote rules | `true` |
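Review bot: While this table is being edited, the `semgrep-rules` row two lines below the changed `semgrep-image` row still reads `Segmrep Registry`; it should be `Semgrep Registry`. The fix fits in this commit since it is docs-only.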
...@@ -257,7 +257,7 @@ It is bound to the `test` stage, and uses the following variables: ...@@ -257,7 +257,7 @@ It is bound to the `test` stage, and uses the following variables:
| --------------------- | -------------------------------------- | ----------------- | | --------------------- | -------------------------------------- | ----------------- |
| `sbom-disabled` / `GO_SBOM_DISABLED` | Set to `true` to disable this job | _none_ | | `sbom-disabled` / `GO_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
| `TBC_SBOM_MODE` | Controls when SBOM reports are generated (`onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline).<br/>:warning: `sbom-disabled` / `GO_SBOM_DISABLED` takes precedence | `onrelease` | | `TBC_SBOM_MODE` | Controls when SBOM reports are generated (`onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline).<br/>:warning: `sbom-disabled` / `GO_SBOM_DISABLED` takes precedence | `onrelease` |
| `sbom-image` / `GO_SBOM_IMAGE` | Image of cyclonedx-gomod used for SBOM analysis | `registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest` | | `sbom-image` / `GO_SBOM_IMAGE` | Image of cyclonedx-gomod used for SBOM analysis | `registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-GO_SBOM_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-GO_SBOM_IMAGE) |
| `sbom-opts` / `GO_SBOM_OPTS` | [@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis | `-main .` | | `sbom-opts` / `GO_SBOM_OPTS` | [@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis | `-main .` |
:warning: if you don't have your main class located at the root of your `GO_PROJECT_DIR`, then you will need to override the `-main` option in `GO_SBOM_OPTS` and define your real main class location. :warning: if you don't have your main class located at the root of your `GO_PROJECT_DIR`, then you will need to override the `-main` option in `GO_SBOM_OPTS` and define your real main class location.
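Review bot: The alt text on the `sbom-image` badge is the generic `Trivy Badge`, the same string used for the other three badges in this commit. Suggest naming the variable in it, for example `Trivy Badge for GO_SBOM_IMAGE`, so the badges stay distinguishable to screen readers and when the image fails to load. Separately, the warning line under the table says "main class"; Go has packages rather than classes, so "main package" would be accurate.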