Scan images using trivy

SUSE · Aug 15, 2023 · e613616 · e613616
1 parent 06fb816
commit e613616
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/tests/test_all.py b/tests/test_all.py
@@ -11,6 +11,7 @@
 from pytest_container import get_extra_run_args
 from pytest_container import MultiStageBuild
 from pytest_container.container import ContainerData
+from pytest_container.runtime import LOCALHOST
 
 from bci_tester.data import ALL_CONTAINERS
 from bci_tester.data import BUSYBOX_CONTAINER
@@ -20,6 +21,7 @@
 from bci_tester.data import OS_VERSION
 from bci_tester.data import PCP_CONTAINER
 from bci_tester.data import POSTGRESQL_CONTAINERS
+from bci_tester.runtime_choice import DOCKER_SELECTED
 
 CONTAINER_IMAGES = ALL_CONTAINERS
 
@@ -172,6 +174,28 @@ def test_zypper_verify_passes(container_per_test: ContainerData) -> None:
     )
 
 
+@pytest.mark.skipif(
+    DOCKER_SELECTED, reason="Trivy-Scan images only with podman"
+)
+@pytest.mark.skipif(
+    LOCALHOST.system_info.arch not in ("x86_64",),
+    reason=f"{LOCALHOST.system_info.arch} is not supported to run trivy",
+)
+def test_trivy_image_scan(host, auto_container):
+    """Check that trivy image is able to scan the container."""
+
+    trivy_container = "docker.io/aquasec/trivy:latest"
+    host.run_expect(
+        [0],
+        (
+            f"podman run -v trivy:/root {trivy_container} image "
+            f"{auto_container.image_url_or_id} "
+            "--exit-code 1 --exit-on-eol 2 -f template "
+            "--template '@contrib/sarif.tpl'"
+        ),
+    )
+
+
 @pytest.mark.parametrize(
     "container",
     [