Commit da7cd6ca authored by Bengt Giger's avatar Bengt Giger
Browse files

Skip trivy secrets check due to timeout

parent 6831fce3
Pipeline #137212 failed with stages
in 7 minutes and 15 seconds
......@@ -49,14 +49,14 @@ Trivy scan:
# update vulnerabilities db
- time trivy --cache-dir .trivycache/ image --download-db-only --no-progress
# Builds report and puts it in the default workdir $CI_PROJECT_DIR, so `artifacts:` can take it from there
- time trivy --cache-dir .trivycache/ image --exit-code 0 --no-progress --format template --template "@/contrib/gitlab.tpl"
- time trivy --cache-dir .trivycache/ image --security-checks vuln --exit-code 0 --no-progress --format template --template "@/contrib/gitlab.tpl"
--output "$CI_PROJECT_DIR/gl-container-scanning-report.json" "$FULL_IMAGE_NAME"
# Prints full report
- time trivy --cache-dir .trivycache/ image --exit-code 0 --no-progress "$FULL_IMAGE_NAME"
- time trivy --cache-dir .trivycache/ image --security-checks vuln --exit-code 0 --no-progress "$FULL_IMAGE_NAME"
# Fails on high and critical vulnerabilities
# Backported in Ubuntu 20.04
- echo "CVE-2019-0228" > .trivyignore
- time trivy --cache-dir .trivycache/ image --exit-code 1 --severity CRITICAL --no-progress "$FULL_IMAGE_NAME"
- time trivy --cache-dir .trivycache/ image --security-checks vuln --exit-code 1 --severity CRITICAL --no-progress "$FULL_IMAGE_NAME"
cache:
paths:
- .trivycache/
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment