diff --git a/README.md b/README.md
index 3ef9325fc247772ff1dab6e6ecbbc2a942396555..2de10dc1040579b0cb671df31576f987d8c66c9c 100644
--- a/README.md
+++ b/README.md
@@ -228,7 +228,7 @@ It is bound to the `test` stage, and uses the following variables:
 | `bandit-enabled` / `BANDIT_ENABLED` | Set to `true` to enable Bandit analysis | _none_ (disabled) |
 | `bandit-args` / `BANDIT_ARGS` | Additional [Bandit CLI options](https://github.com/PyCQA/bandit#usage) | `--recursive .` |
-In addition to a textual report in the console, this job produces the following reports, kept for one day:
+In addition to a textual report in the console, this job produces the following reports, kept for one day and only available for download by users with the Developer role or higher:
 | Report | Format | Usage |
 | -------------- | ---------------------------------------------------------------------------- | ----------------- |
@@ -249,7 +249,7 @@ It is bound to the `test` stage, and uses the following variables:
 | `trivy-dist-url` / `PYTHON_TRIVY_DIST_URL` | Url to the `tar.gz` package for `linux_amd64` of Trivy to use (ex: `https://github.com/aquasecurity/trivy/releases/download/v0.51.1/trivy_0.51.1_Linux-64bit.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ |
 | `trivy-args` / `PYTHON_TRIVY_ARGS` | Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/) | `--ignore-unfixed --pkg-types library --detection-priority comprehensive` |
-In addition to a textual report in the console, this job produces the following reports, kept for one day:
+In addition to a textual report in the console, this job produces the following reports, kept for one day and only available for download by users with the Developer role or higher:
 | Report | Format | Usage |
 | -------------- | ---------------------------------------------------------------------------- | ----------------- |
diff --git a/templates/gitlab-ci-python.yml b/templates/gitlab-ci-python.yml
index 23d6de1bca10f34c5e24dbdf759c3afc788e2a93..93dad4ebfe471977c8203d6fe537fc169512bc2c 100644
--- a/templates/gitlab-ci-python.yml
+++ b/templates/gitlab-ci-python.yml
@@ -1234,6 +1234,7 @@ py-bandit:
 when: always
 name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
 expire_in: 1 day
+ access: developer
 paths:
 - "$PYTHON_PROJECT_DIR/reports/py-bandit.*"
 rules:
@@ -1310,6 +1311,7 @@ py-trivy:
 artifacts:
 name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
 expire_in: 1 day
+ access: developer
 when: always
 paths:
 - "$PYTHON_PROJECT_DIR/reports/py-trivy.*"
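Review bot: The added `access: developer` in the `py-bandit` artifacts block (and the identical line in `py-trivy`) restricts only the download of the report files. The README in this same commit still says each job prints a textual report in the console, so the findings presumably stay readable in the job log by anyone allowed to view the project's jobs. If the aim is to keep scanner findings away from Guest or anonymous users, the README sentence should say that the restriction covers the report files only, or the console output should be reduced in the job scripts, which are outside these hunks. Separately, `artifacts:access` is a fairly recent keyword (GitLab 16.11, as far as I recall), and older self-managed instances may reject the template with an unknown-key error. A comment above each added line such as `# artifacts:access needs a recent GitLab (16.11+ — confirm)`, plus a minimum-version note in the README, would make that requirement visible.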