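# GitLab CI job: scans the image built for the current commit with Trivy and
# publishes the result as a GitLab container-scanning report artifact.
Trivy_container_scanning:
  stage: test
  image:
    # NOTE(review): referenced by tag only; pin by digest if the runner image
    # must be reproducible.
    name: alpine:3.11
  variables:
    # Override the GIT_STRATEGY variable in your `.gitlab-ci.yml` file and set it to `fetch` if you want to provide a `clair-whitelist.yml`
    # file. See https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
    # for details
    GIT_STRATEGY: none
    IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
  # Together with `--exit-code 0` below, findings never fail the pipeline;
  # they surface only through the report artifact.
  allow_failure: true
  before_script:
    # NOTE(review): confirm the default release ships the `registry login`
    # subcommand used below; older releases may not.
    - export TRIVY_VERSION=${TRIVY_VERSION:-v0.19.2}
    # NOTE(review): docker-cli is not invoked by any command in this job;
    # confirm it is still needed.
    - apk add --no-cache curl docker-cli
    # Fetch the installer from the same ref as the binary and the template
    # instead of the moving `main` branch, so the script piped to `sh` changes
    # only when TRIVY_VERSION does.
    - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/${TRIVY_VERSION}/contrib/install.sh | sh -s -- -b /usr/local/bin ${TRIVY_VERSION}
    # -f makes curl fail on an HTTP error instead of saving the error page as
    # the report template.
    - curl -sSfL -o /tmp/trivy-gitlab.tpl https://github.com/aquasecurity/trivy/raw/${TRIVY_VERSION}/contrib/gitlab.tpl
    # Pass the registry password on stdin so it does not appear in the process
    # argument list.
    - echo "$CI_REGISTRY_PASSWORD" | trivy registry login --username "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    # Renders findings through the GitLab template into the report file.
    # $IMAGE is quoted so the reference is passed as a single argument.
    - trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@/tmp/trivy-gitlab.tpl" -o gl-container-scanning-report.json "$IMAGE"
  cache:
    paths:
      # Same directory as --cache-dir above, kept between pipeline runs.
      - .trivycache/
  artifacts:
    reports:
      container_scanning: gl-container-scanning-report.json
  # No artifacts from earlier jobs are downloaded.
  dependencies: []
  only:
    refs:
      - branches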