From afcd5c41039cf814402e5da537416d7e9a0939c4 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Thu, 3 Nov 2022 14:41:22 +0000
Subject: [PATCH] remove sudo from trivy install

---
 Jenkinsfile | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index c519310..827d490 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -95,7 +95,8 @@ pipeline {
 try {
 echo "Starting security scan..."
 // Install trivy and HTML template
- sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.31.1'
+ // sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.31.1'
+ sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.1'
 sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'
 
 // Scan container for all vulnerability levels
@@ -113,10 +114,10 @@ pipeline {
 ]
 
 // Scan again and fail on CRITICAL vulns
- //below is temporarily commented to prevent build from failing
-//echo "Scanning for CRITICAL vulnerabilities only..."
-//sh 'trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${maintainer}/${imagename}:latest'
-echo "Skipping scan for CRITICAL vulnerabilities (temporary)..."
+ //below can be temporarily commented to prevent build from failing
+ echo "Scanning for CRITICAL vulnerabilities onlyi (fatal)..."
+ sh 'trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${maintainer}/${imagename}:latest'
+ //echo "Skipping scan for CRITICAL vulnerabilities (temporary)..."
 } catch(error) {
 def error_details = readFile('./debug');
 def message = "BUILD ERROR: There was a problem scanning ${imagename}:${tag}. \n\n ${error_details}"
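Review bot: The new install line in the first hunk still pipes an installer fetched from the unpinned `main` branch of a third-party repository straight into `sh`; only the trivy binary version (v0.31.1) is pinned, so the script that runs on the agent can change between builds with no change to this Jenkinsfile and nothing verifies it or the downloaded release. Pin the installer URL to a tag or commit, e.g. `https://raw.githubusercontent.com/aquasecurity/trivy/<TAG-PLACEHOLDER>/contrib/install.sh`, or download the versioned release archive together with its published checksum file and run `sha256sum -c` before installing. With `sudo` gone, `-b /usr/local/bin` only succeeds if the agent user can already write there, which presumably means the agent runs as root; a user-writable directory such as `-b "$WORKSPACE/bin"` avoids both the privilege requirement and a silent fall-through into the `catch` block. The commented-out previous line is dead history that git already keeps. The surrounding stage and step closure begin outside this hunk.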
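Review bot: The re-enabled echo in the second hunk has a typo in a string that is printed to the build log; it should read `echo "Scanning for CRITICAL vulnerabilities only (fatal)..."`. The scan target `${maintainer}/${imagename}:latest` sits in a Groovy single-quoted string, so those names are expanded by the shell from environment variables rather than by Groovy; if they are only Groovy variables the gate silently scans an empty image name, which is worth confirming against where they are defined. The gate also scans `:latest` while the catch message reports `${imagename}:${tag}`, so the image that fails the CRITICAL check may not be the one named in the error; scanning `:${tag}` (with the same interpolation caveat) would keep them consistent. The trailing `//echo "Skipping scan ..."` line is dead code left from the previous state. The enclosing `try` block begins outside this hunk.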