Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
0cd397afbf | ||
|
|
b43daad0c3 | ||
|
|
dedfa59531 | ||
|
|
f96f79aa22 | ||
|
|
82ec0dd604 |
Vendored
+1
-1
@@ -1,7 +1,7 @@
|
||||
name: "build"
|
||||
on: [push, pull_request]
|
||||
env:
|
||||
TRIVY_VERSION: 0.40.0
|
||||
TRIVY_VERSION: 0.42.1
|
||||
BATS_LIB_PATH: '/usr/lib/'
|
||||
jobs:
|
||||
build:
|
||||
|
||||
+1
-1
@@ -1,4 +1,4 @@
|
||||
FROM ghcr.io/aquasecurity/trivy:0.40.0
|
||||
FROM ghcr.io/aquasecurity/trivy:0.42.1
|
||||
COPY entrypoint.sh /
|
||||
RUN apk --no-cache add bash curl npm
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
+5
-1
@@ -105,6 +105,7 @@ if [ $template ] ;then
|
||||
fi
|
||||
if [ $exitCode ];then
|
||||
ARGS="$ARGS --exit-code $exitCode"
|
||||
SARIF_ARGS="$SARIF_ARGS --exit-code $exitCode"
|
||||
fi
|
||||
if [ "$ignoreUnfixed" == "true" ] && [ "$scanType" != "config" ];then
|
||||
ARGS="$ARGS --ignore-unfixed"
|
||||
@@ -169,6 +170,8 @@ if [ "$skipFiles" ];then
|
||||
fi
|
||||
|
||||
trivyConfig=$(echo $trivyConfig | tr -d '\r')
|
||||
# To make sure that uploda GitHub Dependency Snapshot succeeds, disable the script that fails first.
|
||||
set +e
|
||||
if [ "${format}" == "sarif" ] && [ "${limitSeveritiesForSARIF}" != "true" ]; then
|
||||
# SARIF is special. We output all vulnerabilities,
|
||||
# regardless of severity level specified in this report.
|
||||
@@ -177,7 +180,7 @@ if [ "${format}" == "sarif" ] && [ "${limitSeveritiesForSARIF}" != "true" ]; the
|
||||
trivy --quiet ${scanType} --format sarif --output ${output} $SARIF_ARGS ${artifactRef}
|
||||
elif [ $trivyConfig ]; then
|
||||
echo "Running Trivy with trivy.yaml config from: " $trivyConfig
|
||||
trivy --config $trivyConfig ${scanType} ${artifactRef}
|
||||
trivy --config $trivyConfig ${ARGS} ${scanType} ${artifactRef}
|
||||
returnCode=$?
|
||||
else
|
||||
echo "Running trivy with options: trivy ${scanType} ${ARGS}" "${artifactRef}"
|
||||
@@ -186,6 +189,7 @@ else
|
||||
returnCode=$?
|
||||
fi
|
||||
|
||||
set -e
|
||||
if [[ "${format}" == "github" ]]; then
|
||||
if [[ "$(echo $githubPAT | xargs)" != "" ]]; then
|
||||
printf "\n Uploading GitHub Dependency Snapshot"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"version": "2.1.0",
|
||||
"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
|
||||
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
|
||||
"runs": [
|
||||
{
|
||||
"tool": {
|
||||
@@ -64,7 +64,7 @@
|
||||
}
|
||||
}
|
||||
],
|
||||
"version": "0.40.0"
|
||||
"version": "0.42.1"
|
||||
}
|
||||
},
|
||||
"results": [
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"version": "2.1.0",
|
||||
"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
|
||||
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
|
||||
"runs": [
|
||||
{
|
||||
"tool": {
|
||||
@@ -37,7 +37,7 @@
|
||||
}
|
||||
}
|
||||
],
|
||||
"version": "0.40.0"
|
||||
"version": "0.42.1"
|
||||
}
|
||||
},
|
||||
"results": [
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
vulnerability:
|
||||
type: os
|
||||
output: yamlconfig.test
|
||||
@@ -81,3 +81,11 @@ bats_load_library bats-file
|
||||
echo "$output"
|
||||
assert_files_equal yamlconfig.test ./test/data/yamlconfig.test
|
||||
}
|
||||
|
||||
@test "trivy image with trivy.yaml config and args" {
|
||||
# trivy --config=./test/data/trivy-reduced.yaml image alpine:3.10
|
||||
run ./entrypoint.sh "-v ./test/data/trivy-reduced.yaml" "-a image" "-i alpine:3.10" "-b json" "-g CRITICAL"
|
||||
run diff yamlconfig.test ./test/data/yamlconfig.test
|
||||
echo "$output"
|
||||
assert_files_equal yamlconfig.test ./test/data/yamlconfig.test
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user