[extensions-web/devops/trivy] ci: move away from safety to trivy




commit 940ff23acd169ee7fe0e90cc4219f1b8d128389c
Author: Yuri Konotopov <ykonotopov gnome org>
Date:   Tue Mar 8 14:09:37 2022 +0400

    ci: move away from safety to trivy

 .gitlab-ci.yml | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e2984bf..2d33e9b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -33,13 +33,22 @@ test:
           - '3.10'
 
 security:
-  extends:
-    - .pip cache
   stage: test
-  image: python:$PYTHON_VERSION
+  image:
+    name: aquasec/trivy
+    entrypoint: [""]
   before_script:
     - pip install safety
   script:
-    - safety check -r requirements.txt
-    - safety check -r requirements.ego.txt
+    - trivy fs .
   allow_failure: true
+  cache:
+    paths:
+      - .trivy
+    when: always
+  variables:
+    TRIVY_CACHE_DIR: .trivy
+    TRIVY_EXIT_CODE: 1
+    TRIVY_SECURITY_CHECKS: vuln,config
+    # This is single-run job so we do not care of k8s recomendations
+    TRIVY_SKIP_FILES: openshift/jobs/reindex-extensions.yml
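Review bot: The unchanged `before_script` entry `- pip install safety` is still part of the `security` job, although the job now runs in the `aquasec/trivy` image and no longer invokes safety. That image presumably ships no pip, so the step would fail before `trivy fs .` runs, and `allow_failure: true` would let the pipeline pass with no scan performed. Remove the `before_script:` key and its entry. Separately, `name: aquasec/trivy` has no tag, so the scanner version and image contents can change between runs; pin it, e.g. `name: aquasec/trivy:<pinned-version>` or an image digest.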

