From 966148aed96d08ada6e6a41467528d1fd08e0e67 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 18 Jan 2023 22:22:39 +0000 Subject: [PATCH] update scan command --- Jenkinsfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index ba7b33e..fb03d7e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -97,8 +97,11 @@ pipeline { // Scan container for all vulnerability levels echo "Scanning for all vulnerabilities..." sh 'mkdir -p reports' - sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}_${tag}" - sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}_${tag}:arm64" + #sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}_${tag}" + #2 scans below are temp (os scan only, no lib scan), while timeout issues are worked + sh "trivy image --ignore-unfixed --vuln-type os --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}_${tag}" + #sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}_${tag}:arm64" + sh "trivy image --ignore-unfixed --vuln-type os --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}_${tag}:arm64" publishHTML target : [ allowMissing: true, alwaysLinkToLastBuild: true,