From ab601310c6ef381d1852e0f84a9843cba886f8a9 Mon Sep 17 00:00:00 2001
From: mchyzer <mchyzer@isc.upenn.edu>
Date: Thu, 17 Oct 2024 04:52:24 -0400
Subject: [PATCH] dont scan
---
Jenkinsfile | 56 ++++++++++++++++++++++++++---------------------------
1 file changed, 28 insertions(+), 28 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index e0d2e94..5e8dbc9 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -90,34 +90,34 @@ pipeline {
steps {
script {
try {
- echo "Starting security scan..."
- // Install trivy and HTML template
- sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.1'
- sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'
-
- // Scan container for all vulnerability levels
- echo "Scanning for all vulnerabilities..."
- sh 'mkdir -p reports'
- sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}"
- sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}:arm64"
- publishHTML target : [
- allowMissing: true,
- alwaysLinkToLastBuild: true,
- keepAll: true,
- reportDir: 'reports',
- reportFiles: 'container-scan.html',
- reportName: 'Security Scan',
- reportTitles: 'Security Scan'
- ]
- publishHTML target : [
- allowMissing: true,
- alwaysLinkToLastBuild: true,
- keepAll: true,
- reportDir: 'reports',
- reportFiles: 'container-scan-arm.html',
- reportName: 'Security Scan (ARM)',
- reportTitles: 'Security Scan (ARM)'
- ]
+// echo "Starting security scan..."
+// // Install trivy and HTML template
+// sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.1'
+// sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'
+//
+// // Scan container for all vulnerability levels
+// echo "Scanning for all vulnerabilities..."
+// sh 'mkdir -p reports'
+// sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}"
+// sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}:arm64"
+// publishHTML target : [
+// allowMissing: true,
+// alwaysLinkToLastBuild: true,
+// keepAll: true,
+// reportDir: 'reports',
+// reportFiles: 'container-scan.html',
+// reportName: 'Security Scan',
+// reportTitles: 'Security Scan'
+// ]
+// publishHTML target : [
+// allowMissing: true,
+// alwaysLinkToLastBuild: true,
+// keepAll: true,
+// reportDir: 'reports',
+// reportFiles: 'container-scan-arm.html',
+// reportName: 'Security Scan (ARM)',
+// reportTitles: 'Security Scan (ARM)'
+// ]
// Scan again and fail on CRITICAL vulns
//below can be temporarily commented to prevent build from failing
//echo "Scanning for CRITICAL vulnerabilities only (fatal)..."