Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Loading status checks…
dont scan
@mchyzer
mchyzer committed Oct 17, 2024
1 parent 1b8a646 commit ab60131
Showing 1 changed file with 28 additions and 28 deletions.
56 changes: 28 additions & 28 deletions Jenkinsfile
View file
@@ -90,34 +90,34 @@ pipeline {
steps {
script {
try {
echo "Starting security scan..."
// Install trivy and HTML template
sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.1'
sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'

// Scan container for all vulnerability levels
echo "Scanning for all vulnerabilities..."
sh 'mkdir -p reports'
sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}"
sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}:arm64"
publishHTML target : [
allowMissing: true,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: 'reports',
reportFiles: 'container-scan.html',
reportName: 'Security Scan',
reportTitles: 'Security Scan'
]
publishHTML target : [
allowMissing: true,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: 'reports',
reportFiles: 'container-scan-arm.html',
reportName: 'Security Scan (ARM)',
reportTitles: 'Security Scan (ARM)'
]
// echo "Starting security scan..."
// // Install trivy and HTML template
// sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.1'
// sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'
//
// // Scan container for all vulnerability levels
// echo "Scanning for all vulnerabilities..."
// sh 'mkdir -p reports'
// sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}"
// sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}:arm64"
// publishHTML target : [
// allowMissing: true,
// alwaysLinkToLastBuild: true,
// keepAll: true,
// reportDir: 'reports',
// reportFiles: 'container-scan.html',
// reportName: 'Security Scan',
// reportTitles: 'Security Scan'
// ]
// publishHTML target : [
// allowMissing: true,
// alwaysLinkToLastBuild: true,
// keepAll: true,
// reportDir: 'reports',
// reportFiles: 'container-scan-arm.html',
// reportName: 'Security Scan (ARM)',
// reportTitles: 'Security Scan (ARM)'
// ]
// Scan again and fail on CRITICAL vulns
//below can be temporarily commented to prevent build from failing
//echo "Scanning for CRITICAL vulnerabilities only (fatal)..."

0 comments on commit ab60131

Please sign in to comment.