ways committed Oct 18, 2024
1 parent b229d56 commit e63e1d4
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions .gitlab-ci.yml
Expand Up @@ -46,10 +46,15 @@ unittests:
# cache cleanup is needed when scanning images with the same tags, it does not remove the database
- time trivy clean --scan-cache
# update vulnerabilities db
- time trivy image --download-db-only --no-progress
# TOOMANYREQUESTS problems, https://gitlab.met.no/team-punkt/hydra/lekestue/edrisobaric/-/issues/31
# - time trivy image --download-db-only --no-progress
# Builds report and puts it in the default workdir $CI_PROJECT_DIR, so `artifacts:` can take it from there
- time trivy image --exit-code 0 --no-progress --format template --template "@/contrib/junit.tpl"
--output "$CI_PROJECT_DIR/${CI_JOB_NAME}.xml" "$RELEASE_IMAGE_NAME"
- time trivy image \
--db-repository public.ecr.aws/aquasecurity/trivy-db \
--java-db-repository public.ecr.aws/aquasecurity/trivy-java-db \
--scanners vuln ghcr.io/cloudogu/gitops-playground:0.7.0 \
--exit-code 0 --no-progress --format template --template "@/contrib/junit.tpl" \
--output "$CI_PROJECT_DIR/${CI_JOB_NAME}.xml" "$RELEASE_IMAGE_NAME"
# Prints full report
- time trivy image --exit-code 0 --no-progress "$RELEASE_IMAGE_NAME"
# Fails on high and critical vulnerabilities
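Review bot: the new report command passes two image targets: `--scanners vuln ghcr.io/cloudogu/gitops-playground:0.7.0` hard-codes an unrelated image in the middle of the flags, while `"$RELEASE_IMAGE_NAME"` is still given at the end. `trivy image` takes a single target, so drop the `ghcr.io/cloudogu/gitops-playground:0.7.0` argument and keep only `"$RELEASE_IMAGE_NAME"`; otherwise the JUnit report may fail or describe the wrong image. The previous version of this command continued onto its second line without a backslash, which suggests a folded YAML scalar; if that is still the case, the added trailing `\` characters reach the shell as literal text and should be removed. The `--db-repository` and `--java-db-repository` overrides are also only on this one invocation, and the later `trivy image --exit-code 0 --no-progress "$RELEASE_IMAGE_NAME"` call does not carry them. Setting `TRIVY_DB_REPOSITORY` and `TRIVY_JAVA_DB_REPOSITORY` once in the job's `variables:` would cover every call and would let the `--download-db-only` step stay enabled against the mirror instead of being commented out. Finally, `--scanners vuln` narrows only the JUnit report, so it can now differ from the full report printed by the next command; worth a comment if that is intended.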