From d9e867952d5a2040037c5cb03456380b976219af Mon Sep 17 00:00:00 2001 From: Bertrand Goareguer <bertrand.goareguer@gmail.com> Date: Mon, 29 Apr 2024 14:40:31 +0000 Subject: [PATCH] refactor(Trivy): py-trivy job is enabled by default BREAKING CHANGE: py-trivy job is enabled by default 'trivy-enabled' input is no longer supported - use 'trivy-disabled' instead --- README.md | 2 +- kicker.json | 2 +- templates/gitlab-ci-python.yml | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index c44ab6a..aae8fdd 100644 --- a/README.md +++ b/README.md @@ -242,7 +242,7 @@ It is bound to the `test` stage, and uses the following variables: | Input / Variable | Description | Default value | | ---------------- | ----------------------------------------------------------------------- | ----------------- | -| `trivy-enabled` / `PYTHON_TRIVY_ENABLED` | Set to `true` to enable Trivy job | _none_ (disabled) | +| `trivy-disabled` / `PYTHON_TRIVY_DISABLED` | Set to `true` to disable Trivy job | _none_ (enabled) | | `trivy-dist-url` / `PYTHON_TRIVY_DIST_URL` | Url to the `tar.gz` package for `linux_amd64` of Trivy to use (ex: `https://github.com/aquasecurity/trivy/releases/download/v0.51.1/trivy_0.51.1_Linux-64bit.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ | | `trivy-args` / `PYTHON_TRIVY_ARGS` | Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/v0.21.1/getting-started/cli/fs/) | `--vuln-type library` | diff --git a/kicker.json b/kicker.json index 5040247..bccbcb0 100644 --- a/kicker.json +++ b/kicker.json @@ -135,7 +135,7 @@ "id": "trivy", "name": "Trivy", "description": "Detect security vulnerabilities with [Trivy](https://github.com/aquasecurity/trivy/) (dependencies analysis)", - "enable_with": "PYTHON_TRIVY_ENABLED", + "disable_with": "PYTHON_TRIVY_DISABLED", "variables": [ { "name": "PYTHON_TRIVY_DIST_URL", 
diff --git a/templates/gitlab-ci-python.yml b/templates/gitlab-ci-python.yml index e4ac892..fa13cb9 100644 --- a/templates/gitlab-ci-python.yml +++ b/templates/gitlab-ci-python.yml @@ -96,8 +96,8 @@ spec: bandit-args: description: Additional [Bandit CLI options](https://github.com/PyCQA/bandit#usage) default: --recursive . - trivy-enabled: - description: Enable Trivy + trivy-disabled: + description: Disable Trivy type: boolean default: false trivy-dist-url: @@ -248,7 +248,7 @@ variables: BANDIT_ARGS: $[[ inputs.bandit-args ]] # Trivy tool - PYTHON_TRIVY_ENABLED: $[[ inputs.trivy-enabled ]] + PYTHON_TRIVY_DISABLED: $[[ inputs.trivy-disabled ]] PYTHON_TRIVY_DIST_URL: $[[ inputs.trivy-dist-url ]] PYTHON_TRIVY_ARGS: $[[ inputs.trivy-args ]] @@ -1226,7 +1226,7 @@ py-trivy: - "$PYTHON_PROJECT_DIR/reports/requirements.txt" rules: # exclude if $PYTHON_TRIVY_ENABLED not set - - if: '$PYTHON_TRIVY_ENABLED != "true"' + - if: '$PYTHON_TRIVY_DISABLED == "true"' when: never - !reference [.test-policy, rules] -- GitLab
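Review bot: With `trivy-disabled` defaulting to `false` in the `@@ -96,8 +96,8 @@` hunk, every pipeline that includes this template now runs py-trivy. The README section of this patch states that an unset `trivy-dist-url` makes the job use the latest Trivy release, so an unpinned download becomes the default path for all consumers. The download step is outside this hunk, so whether the archive is verified against a checksum cannot be confirmed from here. Consider saying this in the input description, for example `description: Disable Trivy (enabled by default; pin trivy-dist-url for reproducible scans)`. The `spec.inputs` block starts and ends outside the hunk.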
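Review bot: In the `@@ -1226,7 +1226,7 @@` hunk the context comment `# exclude if $PYTHON_TRIVY_ENABLED not set` is left above the changed rule and is now stale: it names a variable the template no longer reads and describes the opposite condition. It should become `# exclude if $PYTHON_TRIVY_DISABLED is set to "true"`. Because the comparison is an exact match, any other value (unset, `false`, or a variant such as `True`) keeps the scan running. That is the safer failure mode, but it is worth stating in the comment or the README. Projects that still set `PYTHON_TRIVY_ENABLED` as a variable will find it silently ignored, and the py-trivy job definition begins outside this hunk.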