refactor(Trivy): py-trivy job is enabled by default

BREAKING CHANGE: py-trivy job is enabled by default 'trivy-enabled' input is no longer supported - use 'trivy-disabled' instead

refactor(Trivy): py-trivy job is enabled by default
d9e86795 · Bertrand Goareguer · Pierre Smeyers · b9a89e5e · d9e86795 · d9e86795
Commit d9e86795 authored 1 year ago by Bertrand Goareguer Committed by Pierre Smeyers 1 year ago
--- a/README.md
+++ b/README.md
@@ -242,7 +242,7 @@ It is bound to the `test` stage, and uses the following variables:

 | Input / Variable | Description                                                             | Default value     |
 | ---------------- | ----------------------------------------------------------------------- | ----------------- |
-| `trivy-enabled` / `PYTHON_TRIVY_ENABLED` | Set to `true` to enable Trivy job                                 | _none_ (disabled) |
+| `trivy-disabled` / `PYTHON_TRIVY_DISABLED` | Set to `true` to disable Trivy job                                 | _none_ (enabled) |
 | `trivy-dist-url` / `PYTHON_TRIVY_DIST_URL` | Url to the `tar.gz` package for `linux_amd64` of Trivy to use (ex: `https://github.com/aquasecurity/trivy/releases/download/v0.51.1/trivy_0.51.1_Linux-64bit.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ |
 | `trivy-args` / `PYTHON_TRIVY_ARGS`       | Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/v0.21.1/getting-started/cli/fs/) | `--vuln-type library`   |


--- a/kicker.json
+++ b/kicker.json
@@ -135,7 +135,7 @@
      "id": "trivy",
      "name": "Trivy",
      "description": "Detect security vulnerabilities with [Trivy](https://github.com/aquasecurity/trivy/) (dependencies analysis)",
-      "enable_with": "PYTHON_TRIVY_ENABLED",
+      "disable_with": "PYTHON_TRIVY_DISABLED",
      "variables": [
        {
          "name": "PYTHON_TRIVY_DIST_URL",

--- a/templates/gitlab-ci-python.yml
+++ b/templates/gitlab-ci-python.yml
@@ -96,8 +96,8 @@ spec:
    bandit-args:
      description: Additional [Bandit CLI options](https://github.com/PyCQA/bandit#usage)
      default: --recursive .
-    trivy-enabled:
-      description: Enable Trivy
+    trivy-disabled:
+      description: Disable Trivy
      type: boolean
      default: false
    trivy-dist-url:
@@ -248,7 +248,7 @@ variables:
  BANDIT_ARGS: $[[ inputs.bandit-args ]]

  # Trivy tool
-  PYTHON_TRIVY_ENABLED: $[[ inputs.trivy-enabled ]]
+  PYTHON_TRIVY_DISABLED: $[[ inputs.trivy-disabled ]]
  PYTHON_TRIVY_DIST_URL: $[[ inputs.trivy-dist-url ]]
  PYTHON_TRIVY_ARGS: $[[ inputs.trivy-args ]]

@@ -1226,7 +1226,7 @@ py-trivy:
      - "$PYTHON_PROJECT_DIR/reports/requirements.txt"
  rules:
    # exclude if $PYTHON_TRIVY_ENABLED not set
-    - if: '$PYTHON_TRIVY_ENABLED != "true"'
+    - if: '$PYTHON_TRIVY_DISABLED == "true"'
      when: never
    - !reference [.test-policy, rules]