remove sudo from trivy install
pcaskey committed Nov 3, 2022
1 parent 093b295 commit afcd5c4
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions Jenkinsfile
Expand Up @@ -95,7 +95,8 @@ pipeline {
try {
echo "Starting security scan..."
// Install trivy and HTML template
sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.31.1'
// sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.31.1'
sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.1'
sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'

// Scan container for all vulnerability levels
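Review bot: On the new install line, dropping `sudo` while keeping `-b /usr/local/bin` only works if the Jenkins agent user can write to /usr/local/bin; otherwise the installer fails at this step. Consider installing into a directory inside the workspace (for example `-b ./bin`) and invoking trivy from there, which needs no elevated rights on the agent. The installer is also piped to `sh` from the `main` branch while the binary is pinned to v0.31.1, so the script that executes on the agent can change between builds; fetching the installer and html.tpl from the v0.31.1 tag would pin both. The old `sudo` line kept as a comment can be deleted, since version control already preserves it.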
Expand All @@ -113,10 +114,10 @@ pipeline {
]

// Scan again and fail on CRITICAL vulns
//below is temporarily commented to prevent build from failing
//echo "Scanning for CRITICAL vulnerabilities only..."
//sh 'trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${maintainer}/${imagename}:latest'
echo "Skipping scan for CRITICAL vulnerabilities (temporary)..."
//below can be temporarily commented to prevent build from failing
echo "Scanning for CRITICAL vulnerabilities onlyi (fatal)..."
sh 'trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${maintainer}/${imagename}:latest'
//echo "Skipping scan for CRITICAL vulnerabilities (temporary)..."
} catch(error) {
def error_details = readFile('./debug');
def message = "BUILD ERROR: There was a problem scanning ${imagename}:${tag}. \n\n ${error_details}"
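Review bot: With `--exit-code 1` active again, a CRITICAL finding now lands in the `catch(error)` block, which reports "There was a problem scanning" and reads `./debug`; nothing in the visible lines writes that file, and the message does not tell the reader whether trivy found vulnerabilities or failed to run. Suggest capturing the scan result separately (for example with `sh(returnStatus: true, ...)`) and emitting a distinct message for findings versus scan errors. Smaller points in the same hunk: the echo text has a typo ("onlyi"), the scan targets `:latest` while the error message names `${tag}`, so the reported image may not be the one scanned, and the comment "below can be temporarily commented" invites switching the gate off again; an explicit pipeline parameter would make that decision visible in the build record.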