From 399ed68d1b61dc193e7053dc91101c472f965257 Mon Sep 17 00:00:00 2001
From: mchyzer <mchyzer@isc.upenn.edu>
Date: Mon, 17 Apr 2023 11:08:17 -0400
Subject: [PATCH] take out trivy

---
 Jenkinsfile | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index e0d2e94..45ba2e4 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -92,32 +92,32 @@ pipeline {
                    try {
                          echo "Starting security scan..."
                          // Install trivy and HTML template
-                         sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.1'
-                         sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'
+//                         sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.1'
+//                         sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'
         
                          // Scan container for all vulnerability levels
                          echo "Scanning for all vulnerabilities..."
-                         sh 'mkdir -p reports'
-                         sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}"
-                         sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}:arm64"
-                         publishHTML target : [
-                             allowMissing: true,
-                             alwaysLinkToLastBuild: true,
-                             keepAll: true,
-                             reportDir: 'reports',
-                             reportFiles: 'container-scan.html',
-                             reportName: 'Security Scan',
-                             reportTitles: 'Security Scan'
-                          ]
-                         publishHTML target : [
-                             allowMissing: true,
-                             alwaysLinkToLastBuild: true,
-                             keepAll: true,
-                             reportDir: 'reports',
-                             reportFiles: 'container-scan-arm.html',
-                             reportName: 'Security Scan (ARM)',
-                             reportTitles: 'Security Scan (ARM)'
-                          ]
+//                         sh 'mkdir -p reports'
+//                         sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}"
+//                         sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}:arm64"
+//                         publishHTML target : [
+//                             allowMissing: true,
+//                             alwaysLinkToLastBuild: true,
+//                             keepAll: true,
+//                             reportDir: 'reports',
+//                             reportFiles: 'container-scan.html',
+//                             reportName: 'Security Scan',
+//                             reportTitles: 'Security Scan'
+//                          ]
+//                         publishHTML target : [
+//                             allowMissing: true,
+//                             alwaysLinkToLastBuild: true,
+//                             keepAll: true,
+//                             reportDir: 'reports',
+//                             reportFiles: 'container-scan-arm.html',
+//                             reportName: 'Security Scan (ARM)',
+//                            reportTitles: 'Security Scan (ARM)'
+//                         ]
                          // Scan again and fail on CRITICAL vulns
                          //below can be temporarily commented to prevent build from failing
                          //echo "Scanning for CRITICAL vulnerabilities only (fatal)..."
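Review bot: The two `echo` steps that stay live, `echo "Starting security scan..."` and `echo "Scanning for all vulnerabilities..."`, still print on every build although every trivy step beneath them is now commented out, so the console log reports a scan that never ran. Either comment them out with the rest or replace them with one explicit line such as `echo "WARNING: container vulnerability scan is disabled (trivy removed)"`. The trailing context suggests the CRITICAL-only fatal scan is already commented out as well, so it looks as if nothing gates the image on vulnerabilities after this commit; the `try` block continues outside the hunk, so this should be confirmed. A short comment above the disabled block recording why and until when, e.g. `// TODO(<ticket-id placeholder>): trivy scan disabled, restore before next release`, would keep the gap from becoming permanent. If the block is restored later, the installer line fetches `install.sh` from the `main` branch and pipes it to `sh`; fetching it from the release tag and verifying a checksum would be safer.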