[extensions-web/devops/trivy] ci: move away from safety to trivy




commit cc19b280d8cd0e7cadfd8f9260177c4317998e68
Author: Yuri Konotopov <ykonotopov gnome org>
Date:   Tue Mar 8 14:09:37 2022 +0400

    ci: move away from safety to trivy

 .gitlab-ci.yml | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e2984bf..26d030f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -33,13 +33,20 @@ test:
           - '3.10'
 
 security:
-  extends:
-    - .pip cache
   stage: test
-  image: python:$PYTHON_VERSION
-  before_script:
-    - pip install safety
+  image:
+    name: aquasec/trivy
+    entrypoint: [""]
   script:
-    - safety check -r requirements.txt
-    - safety check -r requirements.ego.txt
+    - trivy fs .
   allow_failure: true
+  cache:
+    paths:
+      - .trivy
+    when: always
+  variables:
+    TRIVY_CACHE_DIR: .trivy
+    TRIVY_EXIT_CODE: 1
+    TRIVY_SECURITY_CHECKS: vuln,config
+    # This is single-run job so we do not care of k8s recomendations
+    TRIVY_SKIP_FILES: openshift/jobs/reindex-extensions.yml
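Review bot: `requirements.ego.txt` probably drops out of scanning with the new `trivy fs .` step, because as far as I know Trivy's file-name detection picks up pip manifests only when they are named exactly `requirements.txt`, whereas the removed `safety check -r requirements.ego.txt` line named the file explicitly. Confirm in the job log which files Trivy reports; if the second one is missing, stage a copy under a recognised name before the scan, e.g. `- mkdir -p .trivy-ego && cp requirements.ego.txt .trivy-ego/requirements.txt`. Separately, `name: aquasec/trivy` carries no tag, so the job pulls whatever `latest` is at run time; pinning it (`name: aquasec/trivy:<pinned-version>`, or a digest) keeps scanner behaviour reproducible and narrows the supply-chain exposure of the CI job. Since `allow_failure: true` is kept, `TRIVY_EXIT_CODE: 1` only turns findings into a pipeline warning, so a comment such as `# findings are advisory: allow_failure keeps the pipeline green` next to it would stop readers assuming the job gates merges.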

