diff --git a/README.md b/README.md
index c44ab6a8e95294aaf69d3eeb30682c5bdbccdfff..aae8fdd3a587c8dc752633e029cdff33d9513609 100644
--- a/README.md
+++ b/README.md
@@ -242,7 +242,7 @@ It is bound to the `test` stage, and uses the following variables:
 | Input / Variable | Description | Default value |
 | ---------------- | ----------------------------------------------------------------------- | ----------------- |
-| `trivy-enabled` / `PYTHON_TRIVY_ENABLED` | Set to `true` to enable Trivy job | _none_ (disabled) |
+| `trivy-disabled` / `PYTHON_TRIVY_DISABLED` | Set to `true` to disable Trivy job | _none_ (enabled) |
 | `trivy-dist-url` / `PYTHON_TRIVY_DIST_URL` | Url to the `tar.gz` package for `linux_amd64` of Trivy to use (ex: `https://github.com/aquasecurity/trivy/releases/download/v0.51.1/trivy_0.51.1_Linux-64bit.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ |
 | `trivy-args` / `PYTHON_TRIVY_ARGS` | Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/v0.21.1/getting-started/cli/fs/) | `--vuln-type library` |
diff --git a/kicker.json b/kicker.json
index 504024701bc5019f9e46120a60a4879010880cf0..bccbcb08e6e04d8178a287d267d1051174478df2 100644
--- a/kicker.json
+++ b/kicker.json
@@ -135,7 +135,7 @@
 "id": "trivy",
 "name": "Trivy",
 "description": "Detect security vulnerabilities with [Trivy](https://github.com/aquasecurity/trivy/) (dependencies analysis)",
- "enable_with": "PYTHON_TRIVY_ENABLED",
+ "disable_with": "PYTHON_TRIVY_DISABLED",
 "variables": [
 {
 "name": "PYTHON_TRIVY_DIST_URL",
diff --git a/templates/gitlab-ci-python.yml b/templates/gitlab-ci-python.yml
index e4ac89223d8599d1050dfe3e513614028106066c..fa13cb922fecffb8d304df7d1cc37c6171414dd2 100644
--- a/templates/gitlab-ci-python.yml
+++ b/templates/gitlab-ci-python.yml
@@ -96,8 +96,8 @@ spec:
 bandit-args:
 description: Additional [Bandit CLI options](https://github.com/PyCQA/bandit#usage)
 default: --recursive .
- trivy-enabled:
- description: Enable Trivy
+ trivy-disabled:
+ description: Disable Trivy
 type: boolean
 default: false
 trivy-dist-url:
@@ -248,7 +248,7 @@ variables:
 BANDIT_ARGS: $[[ inputs.bandit-args ]]
 # Trivy tool
- PYTHON_TRIVY_ENABLED: $[[ inputs.trivy-enabled ]]
+ PYTHON_TRIVY_DISABLED: $[[ inputs.trivy-disabled ]]
 PYTHON_TRIVY_DIST_URL: $[[ inputs.trivy-dist-url ]]
 PYTHON_TRIVY_ARGS: $[[ inputs.trivy-args ]]
@@ -1226,7 +1226,7 @@ py-trivy:
 - "$PYTHON_PROJECT_DIR/reports/requirements.txt"
 rules:
 # exclude if $PYTHON_TRIVY_ENABLED not set
- - if: '$PYTHON_TRIVY_ENABLED != "true"'
+ - if: '$PYTHON_TRIVY_DISABLED == "true"'
 when: never
 - !reference [.test-policy, rules]
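Review bot: The `trivy-enabled` input is removed from `spec` in the first hunk with no deprecated alias, so this is a breaking interface change for existing consumers. A project that still passes `trivy-enabled: true` will presumably be rejected as an unknown component input, and one that only sets `PYTHON_TRIVY_ENABLED` is now silently ignored. The second hunk drops that variable mapping the same way. Because the scan now runs by default for every consumer, the description should state that, for example `description: Disable Trivy (the job runs by default)`, and the release should be marked as breaking. The `spec` block starts and continues outside the hunk.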
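Review bot: The comment above the changed rule in `py-trivy` still reads `# exclude if $PYTHON_TRIVY_ENABLED not set`, which now contradicts the condition below it. It should become `# exclude if $PYTHON_TRIVY_DISABLED is "true"`. With the job now on by default, any pipeline that leaves `PYTHON_TRIVY_DIST_URL` unset will fetch the latest Trivy release at run time, per the README row in this commit. The documentation should therefore recommend a pinned URL; whether the download is integrity-checked is not visible here, as the job script is outside the hunk. The match is also exact, so values such as `True` or `1` will not disable the job, which deserves a mention in the README.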