From d9e867952d5a2040037c5cb03456380b976219af Mon Sep 17 00:00:00 2001
From: Bertrand Goareguer <bertrand.goareguer@gmail.com>
Date: Mon, 29 Apr 2024 14:40:31 +0000
Subject: [PATCH] refactor(Trivy): py-trivy job is enabled by default

BREAKING CHANGE: py-trivy job is enabled by default
'trivy-enabled' input is no longer supported - use 'trivy-disabled' instead
---
 README.md                      | 2 +-
 kicker.json                    | 2 +-
 templates/gitlab-ci-python.yml | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index c44ab6a..aae8fdd 100644
--- a/README.md
+++ b/README.md
@@ -242,7 +242,7 @@ It is bound to the `test` stage, and uses the following variables:
 
 | Input / Variable | Description                                                             | Default value     |
 | ---------------- | ----------------------------------------------------------------------- | ----------------- |
-| `trivy-enabled` / `PYTHON_TRIVY_ENABLED` | Set to `true` to enable Trivy job                                 | _none_ (disabled) |
+| `trivy-disabled` / `PYTHON_TRIVY_DISABLED` | Set to `true` to disable Trivy job                                 | _none_ (enabled) |
 | `trivy-dist-url` / `PYTHON_TRIVY_DIST_URL` | Url to the `tar.gz` package for `linux_amd64` of Trivy to use (ex: `https://github.com/aquasecurity/trivy/releases/download/v0.51.1/trivy_0.51.1_Linux-64bit.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ |
 | `trivy-args` / `PYTHON_TRIVY_ARGS`       | Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/v0.21.1/getting-started/cli/fs/) | `--vuln-type library`   |
 
diff --git a/kicker.json b/kicker.json
index 5040247..bccbcb0 100644
--- a/kicker.json
+++ b/kicker.json
@@ -135,7 +135,7 @@
       "id": "trivy",
       "name": "Trivy",
       "description": "Detect security vulnerabilities with [Trivy](https://github.com/aquasecurity/trivy/) (dependencies analysis)",
-      "enable_with": "PYTHON_TRIVY_ENABLED",
+      "disable_with": "PYTHON_TRIVY_DISABLED",
       "variables": [
         {
           "name": "PYTHON_TRIVY_DIST_URL",
diff --git a/templates/gitlab-ci-python.yml b/templates/gitlab-ci-python.yml
index e4ac892..fa13cb9 100644
--- a/templates/gitlab-ci-python.yml
+++ b/templates/gitlab-ci-python.yml
@@ -96,8 +96,8 @@ spec:
     bandit-args:
       description: Additional [Bandit CLI options](https://github.com/PyCQA/bandit#usage)
       default: --recursive .
-    trivy-enabled:
-      description: Enable Trivy
+    trivy-disabled:
+      description: Disable Trivy
       type: boolean
       default: false
     trivy-dist-url:
@@ -248,7 +248,7 @@ variables:
   BANDIT_ARGS: $[[ inputs.bandit-args ]]
 
   # Trivy tool
-  PYTHON_TRIVY_ENABLED: $[[ inputs.trivy-enabled ]]
+  PYTHON_TRIVY_DISABLED: $[[ inputs.trivy-disabled ]]
   PYTHON_TRIVY_DIST_URL: $[[ inputs.trivy-dist-url ]]
   PYTHON_TRIVY_ARGS: $[[ inputs.trivy-args ]]
 
@@ -1226,7 +1226,7 @@ py-trivy:
       - "$PYTHON_PROJECT_DIR/reports/requirements.txt"
   rules:
     # exclude if $PYTHON_TRIVY_ENABLED not set
-    - if: '$PYTHON_TRIVY_ENABLED != "true"'
+    - if: '$PYTHON_TRIVY_DISABLED == "true"'
       when: never
     - !reference [.test-policy, rules]
 
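Review bot: The context comment directly above the changed rule, `# exclude if $PYTHON_TRIVY_ENABLED not set`, is now stale. It names a variable the template no longer reads and describes the old opt-in behaviour, so anyone auditing why the scan did or did not run is pointed at the wrong switch. I would replace it with `# exclude only if $PYTHON_TRIVY_DISABLED is exactly "true" (any other value keeps the scan running)`. The rule is a literal string comparison, so values such as `True` or `1` leave the job enabled; that is the safe direction for a vulnerability scan, but worth stating in the comment. The `py-trivy` job definition starts outside this hunk.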
-- 
GitLab