Trivy

07b1743a · Virgile Gerecke · 60473155 · 07b1743a
Verified Commit 07b1743a authored 3 years ago by Virgile Gerecke
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,8 +7,28 @@ variables:
  CONTAINER_TEST_IMAGE: $CI_REGISTRY/docker/python3.9-ci:$CI_COMMIT_REF_NAME
  CONTAINER_RELEASE_IMAGE: $CI_REGISTRY/docker/python3.9-ci:latest

-include:
-  - template: Security/Container-Scanning.gitlab-ci.yml
+scan image:
+  stage: scan
+  image:
+    name: aquasec/trivy
+    entrypoint: [""]
+  script:
+    - trivy --cache-dir .cache \
+      --exit-code 1 \
+      --severity HIGH,CRITICAL \
+      --format table --output report.md  \
+      --vuln-type os \
+      $CI_PROJECT_PATH_SLUG:$CI_COMMIT_SHORT_SHA
+  cache:
+    key: trivy-cache
+    paths:
+      - .cache
+  artifacts:
+      name: "Container Scan Report ${CI_COMMIT_SHA}"
+      paths:
+        - report.md
+      expire_in: 7 days
+      when: on_failure

 .build-image:
  image: