[extensions-web/devops/trivy] ci: move away from safety to trivy
- From: Yuri Konotopov <ykonotopov src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [extensions-web/devops/trivy] ci: move away from safety to trivy
- Date: Tue, 8 Mar 2022 10:20:25 +0000 (UTC)
commit 456a44bd18e5521f095fe66b6d1c322ce342696a
Author: Yuri Konotopov <ykonotopov gnome org>
Date: Tue Mar 8 14:09:37 2022 +0400
ci: move away from safety to trivy
.gitlab-ci.yml | 21 ++++++++++++++-------
.trivyignore | 2 ++
2 files changed, 16 insertions(+), 7 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e2984bf..53d5e82 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -33,13 +33,20 @@ test:
- '3.10'
security:
- extends:
- - .pip cache
stage: test
- image: python:$PYTHON_VERSION
- before_script:
- - pip install safety
+ image:
+ name: aquasec/trivy
+ entrypoint: [""]
script:
- - safety check -r requirements.txt
- - safety check -r requirements.ego.txt
+ - trivy fs .
allow_failure: true
+ cache:
+ paths:
+ - .trivy
+ when: always
+ variables:
+ TRIVY_CACHE_DIR: .trivy
+ TRIVY_EXIT_CODE: 1
+ TRIVY_SECURITY_CHECKS: vuln,config
+ # This is single-run job so we do not care of k8s recommendations
+ TRIVY_SKIP_FILES: openshift/jobs/reindex-extensions.yml
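Review bot: The `aquasec/trivy` image in the new `image:` block carries no tag, so every pipeline run pulls whatever `latest` is at that moment; the tool that is supposed to gate the project's dependencies is itself an unpinned dependency, and a new major release can change the check set or flag semantics with no change in this repository. Pin it to a release tag (and a digest if reproducible runs matter), e.g. `name: aquasec/trivy:<PINNED_VERSION>` with the placeholder replaced by the version the project has validated, and bump it deliberately. Separately, `TRIVY_EXIT_CODE: 1` has no gating effect while `allow_failure: true` stays on the job; if that is intended during the migration, a comment such as `# advisory only for now: allow_failure overrides TRIVY_EXIT_CODE` would save the next reader from expecting this job to block merges. The hunk opens inside the preceding `test:` job's version list (`- '3.10'`), whose definition is outside the hunk.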
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 0000000..c60ec23
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,2 @@
+# We don't ready to migrate to non-root images
+DS002
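Review bot: `DS002` is suppressed globally and indefinitely, so it will stay hidden for every Dockerfile the scanner ever sees in this repository, not only the images known when this exception was written. If the Trivy version in use supports it, an expiry suffix (`DS002 exp:<YYYY-MM-DD>`) would force the exception to be revisited; at minimum the comment should state which images are affected and why, e.g. `# Not ready to migrate to non-root images yet; DS002 flags the root user in our Dockerfiles`, replacing the current wording.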