Commit d9e86795 authored by Bertrand Goareguer, committed by Pierre Smeyers

refactor(Trivy): py-trivy job is enabled by default

BREAKING CHANGE: py-trivy job is enabled by default
'trivy-enabled' input is no longer supported - use 'trivy-disabled' instead
parent b9a89e5e
......@@ -242,7 +242,7 @@ It is bound to the `test` stage, and uses the following variables:
| Input / Variable | Description | Default value |
| ---------------- | ----------------------------------------------------------------------- | ----------------- |
| `trivy-enabled` / `PYTHON_TRIVY_ENABLED` | Set to `true` to enable Trivy job | _none_ (disabled) |
| `trivy-disabled` / `PYTHON_TRIVY_DISABLED` | Set to `true` to disable Trivy job | _none_ (enabled) |
| `trivy-dist-url` / `PYTHON_TRIVY_DIST_URL` | Url to the `tar.gz` package for `linux_amd64` of Trivy to use (ex: `https://github.com/aquasecurity/trivy/releases/download/v0.51.1/trivy_0.51.1_Linux-64bit.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ |
| `trivy-args` / `PYTHON_TRIVY_ARGS` | Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/v0.21.1/getting-started/cli/fs/) | `--vuln-type library` |
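Review bot: The `trivy-dist-url` row still reads "When unset, the latest version will be used", and now that the job is on by default that unpinned download applies to every pipeline that has not set `trivy-disabled`. Consider saying so in this table and recommending a pinned release URL, so the scanner version (and its findings) does not change between runs without a change in the project. Separately, the `trivy-args` row links to the v0.21.1 CLI documentation while the example URL above it is v0.51.1; worth aligning while this table is being edited.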
......
......@@ -135,7 +135,7 @@
"id": "trivy",
"name": "Trivy",
"description": "Detect security vulnerabilities with [Trivy](https://github.com/aquasecurity/trivy/) (dependencies analysis)",
"enable_with": "PYTHON_TRIVY_ENABLED",
"disable_with": "PYTHON_TRIVY_DISABLED",
"variables": [
{
"name": "PYTHON_TRIVY_DIST_URL",
......
......@@ -96,8 +96,8 @@ spec:
bandit-args:
description: Additional [Bandit CLI options](https://github.com/PyCQA/bandit#usage)
default: --recursive .
trivy-enabled:
description: Enable Trivy
trivy-disabled:
description: Disable Trivy
type: boolean
default: false
trivy-dist-url:
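Review bot: The description "Disable Trivy" on `trivy-disabled` does not tell a reader that the job now runs unless this input is set, since `default: false` here means enabled. Suggest something like "Set to `true` to disable the Trivy job (enabled by default)", matching the README wording. Because `trivy-enabled` is removed from the spec rather than deprecated, includes that still pass it need to be updated; a short migration line in the changelog or README would help consumers find the replacement input.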
......@@ -248,7 +248,7 @@ variables:
BANDIT_ARGS: $[[ inputs.bandit-args ]]
# Trivy tool
PYTHON_TRIVY_ENABLED: $[[ inputs.trivy-enabled ]]
PYTHON_TRIVY_DISABLED: $[[ inputs.trivy-disabled ]]
PYTHON_TRIVY_DIST_URL: $[[ inputs.trivy-dist-url ]]
PYTHON_TRIVY_ARGS: $[[ inputs.trivy-args ]]
......@@ -1226,7 +1226,7 @@ py-trivy:
- "$PYTHON_PROJECT_DIR/reports/requirements.txt"
rules:
# exclude if $PYTHON_TRIVY_ENABLED not set
- if: '$PYTHON_TRIVY_ENABLED != "true"'
- if: '$PYTHON_TRIVY_DISABLED == "true"'
when: never
- !reference [.test-policy, rules]
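Review bot: The comment above the rule still reads "exclude if $PYTHON_TRIVY_ENABLED not set", which no longer matches the condition `$PYTHON_TRIVY_DISABLED == "true"`. Please update it, for example to "exclude if $PYTHON_TRIVY_DISABLED set". Note also that the rule only matches the exact string `true`, so the job stays active for any other value; if that is intended, stating it in the comment would avoid a scan being assumed disabled when it is not, or the reverse.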
......