Showing 1 changed file with 23 additions and 23 deletions.
46 changes: 23 additions & 23 deletions Jenkinsfile
@@ -92,32 +92,32 @@ pipeline {
try {
echo "Starting security scan..."
// Install trivy and HTML template
sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.1'
sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'
// sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.1'
// sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'

// Scan container for all vulnerability levels
echo "Scanning for all vulnerabilities..."
sh 'mkdir -p reports'
sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}"
sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}:arm64"
publishHTML target : [
allowMissing: true,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: 'reports',
reportFiles: 'container-scan.html',
reportName: 'Security Scan',
reportTitles: 'Security Scan'
]
publishHTML target : [
allowMissing: true,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: 'reports',
reportFiles: 'container-scan-arm.html',
reportName: 'Security Scan (ARM)',
reportTitles: 'Security Scan (ARM)'
]
// sh 'mkdir -p reports'
// sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}"
// sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}:arm64"
// publishHTML target : [
// allowMissing: true,
// alwaysLinkToLastBuild: true,
// keepAll: true,
// reportDir: 'reports',
// reportFiles: 'container-scan.html',
// reportName: 'Security Scan',
// reportTitles: 'Security Scan'
// ]
// publishHTML target : [
// allowMissing: true,
// alwaysLinkToLastBuild: true,
// keepAll: true,
// reportDir: 'reports',
// reportFiles: 'container-scan-arm.html',
// reportName: 'Security Scan (ARM)',
// reportTitles: 'Security Scan (ARM)'
// ]
// Scan again and fail on CRITICAL vulns
//below can be temporarily commented to prevent build from failing
//echo "Scanning for CRITICAL vulnerabilities only (fatal)..."
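Review bot: On whichever side of this section is current, the trivy installer is fetched with `curl -sfL .../trivy/main/contrib/install.sh | sh` and the report template with `curl ... > html.tpl`, neither verified by checksum or signature, so the agent executes whatever is on the upstream `main` branch at build time even though the trivy binary itself is pinned to v0.31.1; pinning both URLs to a release tag and checking a known digest before piping to `sh` would close that gap. The page does not let me recover which lines are added and which removed, but if this commit comments the scan steps out (as the surviving `//below can be temporarily commented` note suggests), the build produces and publishes no vulnerability report and nothing remaining in the hunk fails on CRITICAL findings, so the disabled block should carry an expiry, e.g. `// TODO: scan disabled on <DATE>; re-enable once <CONDITION>`. `${imagename}` is Groovy-interpolated into the `sh` string; if it can originate from a job parameter, pass it through `environment`/`withEnv` and reference it as `\$imagename` inside a single-quoted script so the shell never re-parses it. The enclosing `try` block starts before and ends after this hunk.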
