Skip to content

Commit

Permalink
another scan tweak
Browse files Browse the repository at this point in the history
  • Loading branch information
@pcaskey
pcaskey committed Jan 18, 2023
1 parent 0437409 commit 82a7bb9
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions Jenkinsfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,8 +123,11 @@ pipeline {
// Scan again and fail on CRITICAL vulns
//below can be temporarily commented to prevent build from failing
echo "Scanning for CRITICAL vulnerabilities only (fatal)..."
sh "trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${imagename}_${tag}"
sh "trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${imagename}_${tag}:arm64"
// 2 scans below are temp (os scan only, no lib scan), while timeout issues are worked
// sh "trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${imagename}_${tag}"
// sh "trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${imagename}_${tag}:arm64"
sh "trivy image --ignore-unfixed --vuln-type os --exit-code 1 --severity CRITICAL ${imagename}_${tag}"
sh "trivy image --ignore-unfixed --vuln-type os --exit-code 1 --severity CRITICAL ${imagename}_${tag}:arm64"
//echo "Skipping scan for CRITICAL vulnerabilities (temporary)..."
} catch(error) {
def error_details = readFile('./debug');
Expand Down

0 comments on commit 82a7bb9

Please sign in to comment.