[extensions-web/devops/trivy: 2/2] ci: move away from safety to trivy

From: Yuri Konotopov <ykonotopov src gnome org>
To: commits-list gnome org
Cc:
Subject: [extensions-web/devops/trivy: 2/2] ci: move away from safety to trivy
Date: Tue, 8 Mar 2022 10:10:01 +0000 (UTC)


commit 1e7c8b0b403193acfdd9d40f5a4340bb720d5f47
Author: Yuri Konotopov <ykonotopov gnome org>
Date:   Tue Mar 8 14:09:37 2022 +0400

    ci: move away from safety to trivy

 .gitlab-ci.yml | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e2984bf..fcc196e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -33,13 +33,20 @@ test:
           - '3.10'
 
 security:
-  extends:
-    - .pip cache
   stage: test
-  image: python:$PYTHON_VERSION
+  image: aquasec/trivy
   before_script:
     - pip install safety
   script:
-    - safety check -r requirements.txt
-    - safety check -r requirements.ego.txt
+    - trivy fs .
   allow_failure: true
+  cache:
+    paths:
+      - .trivy
+    when: always
+  variables:
+    TRIVY_CACHE_DIR: .trivy
+    TRIVY_EXIT_CODE: 1
+    TRIVY_SECURITY_CHECKS: vuln,config
+    # This is single-run job so we do not care of k8s recomendations
+    TRIVY_SKIP_FILES: openshift/jobs/reindex-extensions.yml

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]