Commit 5c47db72 authored by Thomas Boni's avatar Thomas Boni
Browse files

normalize documentations

parent 52292f20
Loading
Loading
Loading
Loading
+18 −15
Original line number Diff line number Diff line
@@ -17,36 +17,39 @@ Mkdocs](https://squidfunk.github.io/mkdocs-material/) are ready to use.
    /mkdocs.yml # This is your configuration file
    /docs/      # This folder contains all your documentation markdown files
    ```
2. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting
   started](/getting-started)). You can use a specific version from [version
   list](#versions). Example with default (`latest`):
2. Choose a version in [version list](#versions)
3. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting
   started](/getting-started)). Example:

    ```yaml
    include:
      - remote: 'https://jobs.go2scale.io/mkdocs.yml'
    ```
3. If you need set variables, see [Jobs
   customization](/getting-started#jobs-customization) section in
   getting started

## Jobs
4. If you need to customize the job (stage, variables, ...) 👉 check the [jobs
   customization](/getting-started/#jobs-customization)

### Documentation
5. Well done, your job is ready to work ! 😀

Build HTML documentation from Makdown source using `Mkdocs`.
## Job details

* Job name: `mkdocs`
* Docker image:
[squidfunk/mkdocs-material](https://hub.docker.com/r/squidfunk/mkdocs-material)
* When: always
* Stage: build
* Artifacts:
    * Result of documentation build exposed as `Documentation`
* Variables:
[`squidfunk/mkdocs-material`](https://hub.docker.com/r/squidfunk/mkdocs-material)
* Default stage: `build`
* When: `always`

### Variables

| Name | Description | Default |
| ---- | ----------- | ------- |
| `DOCUMENTATION_DISABLE` | Disable build | |

### Artifacts

Result of documentation build is [exposed
as](https://docs.gitlab.com/ee/ci/yaml/#artifactsexpose_as) `Documentation` in
merge requests

## Versions

+11 −11
Original line number Diff line number Diff line
@@ -12,7 +12,7 @@ from previous job named `documentation`.
      documentation to publish as artifact. Example: [Mkdocs](/jobs/mkdocs/)

1. Choose a version in [version list](#versions)
2. Add the corresponding url to your `.gitlab-ci.yml` file (see [Getting
3. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting
   started](/getting-started)). Example:

    ```yaml
@@ -20,20 +20,20 @@ from previous job named `documentation`.
      - remote: 'https://jobs.go2scale.io/pages.yml'
    ```

3. If you need set variables in jobs, use `variables` option in
   `.gitlab-ci.yml` file
4. If you need to customize the job (stage, variables, ...) 👉 check the [jobs
   customization](/getting-started/#jobs-customization)

## Jobs
5. Well done, your job is ready to work ! 😀

### Pages

* Docker image: [ruby](https://hub.docker.com/_/ruby)
## Job details

* Job name: `pages`
* Docker image: [`ruby`](https://hub.docker.com/_/ruby)
* Stage: `deployment`
* When: only run on `master` branch
* Stage: deployment
* Artifacts:
    * Result of documentation from previous job. It's used as input for Gitlab
      pages
* Variables:

### Variables:

| Name | Description | Default |
| ---- | ----------- | ------- |
+29 −70
Original line number Diff line number Diff line
# 🧱 Trivy
# 🧱 Trivy image analysis

## Description

[Trivy](https://github.com/aquasecurity/trivy) is a Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI

##### By default, this job

* Is avaible for any edition of GitLab
* Is 100% autonom - you don't have any updates or config to do, but obviously you can change the values of the variables or configure your own script
* Analysis with [Trivy](https://github.com/aquasecurity/trivy) the GitLab's repo (image or/and filesystem) at every commit to detect vulnerabilities
* Displays a report in pipeline window and merge request (junit.xml format)
* Fails if at least one security issue is found
Run a security issue detection in a docker image using
[Trivy](https://github.com/aquasecurity/trivy), a Simple and Comprehensive
Vulnerability Scanner for Containers and other Artifacts. More details on Trivy
vulnerability detection capabilities are available in its official
[README](https://github.com/aquasecurity/trivy#vulnerability-detection)

!!! warning
    With the default configuration, this job will fail if errors are detected.
    It's the recommended configuration to reduce security risks in your
    software. You can disable this behaviour by setting the value `0` to the
    variable `TRIVY_EXIT_CODE`.

## How to use it

1. Please check supported OS and packages (see list below)
2. Please check variables config (see list below)
3. Add the corresponding url to your `.gitlab-ci.yml` file
1. Check supported OS and packages
   [here](https://github.com/aquasecurity/trivy#vulnerability-detection)
2. Choose a version in [version list](#versions)
3. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting
   started](/getting-started)). Example:

    ```yaml
    include:
      - remote: 'https://jobs.go2scale.io/trivy.yml'
    ```

4. Well done, it's finished ! 😀
4. If you need to customize the job (stage, variables, ...) 👉 check the [jobs
   customization](/getting-started/#jobs-customization)

5. Well done, your job is ready to work ! 😀

### Variables Description
## Job details

#### Main Variables
* Job name: `trivy_image`
* Docker image: [`docker`](https://hub.docker.com/_/docker)
* Default stage: `dynamic_tests`

### Variables

| VARIABLE NAME | DESCRIPTION | DEFAULT VALUE |
| ------------- | ----------- | ------------- |
@@ -43,12 +53,6 @@
| `TRIVY_FORMAT` | Format (table, json, template) | template |
| `TEMPLATE_NAME` | Name of used template | junit.tpl |
| `TRIVY_CLEAR_CACHE` | Clear image caches without scanning | false |


#### Secondary Variables

| VARIABLE NAME | DESCRIPTION | DEFAULT VALUE |
| ------------- | ----------- | ------------- |
| `TRIVY_IGNORE_UNFIXED` | Display only fixed vulnerabilities | false |
| `TRIVY_DEBUG` | Debug mode | false |
| `DOCKER_HOST` | Daemon socket to connect to | tcp://docker:2375 |
@@ -60,55 +64,10 @@
| `TRIVY_SKIP_UPDATE` | Skip vulnerability database update | false |
| `TRIVY_REMOVED_PKGS` | Detect vulns of Alpine removed packages | false |

### Artifacts

### Reports

By default we use [Junit](https://junit.org/junit5/)'s xml report

1. When you launch this Trivy job, a `junit.tpl` file is downloaded from [Trivy](https://github.com/aquasecurity/trivy)'s repo in current directory
2. This template is used to display report in pipeline window and merge request

##### Default reporting config

```yaml
  artifacts:
    reports:
      junit: junit-report.xml
    expire_in: 30 days
    when: always
```


### OS Packages Vulnerabilities Detection

| OS Packages                  | Supported Versions                       | Target Packages               | Detection of unfixed vulnerabilities |
| ---------------------------- | ---------------------------------------- | ----------------------------- | :----------------------------------: |
| `Alpine Linux`                | 2.2 - 2.7, 3.0 - 3.12                    |   apk                         |                  NO                  |
| `Red Hat Universal Base Image` | 7, 8                                     |   yum/rpm                     |                 YES                  |
| `Red Hat Enterprise Linux`     | 6, 7, 8                                  |   yum/rpm                     |                 YES                  |
| `CentOS`                       | 6, 7                                     |   yum/rpm                     |                 YES                  |
| `Oracle Linux`                 | 5, 6, 7, 8                               |   yum/rpm                     |                  NO                  |
| `Amazon Linux`                 | 1, 2                                     |   yum/rpm                     |                  NO                  |
| `openSUSE Leap`                | 42, 15                                   |   zypper/rpm                  |                  NO                  |
| `SUSE Enterprise Linux`       | 11, 12, 15                               |   zypper/rpm                  |                  NO                  |
| `Photon OS`                    | 1.0, 2.0, 3.0                            |   tdnf/yum/rpm                |                  NO                  |
| `Debian GNU/Linux`             | wheezy, jessie, stretch, buster          |   apt/apt-get/dpkg            |                 YES                  |
| `Ubuntu`                       | 12.04, 14.04, 16.04, 18.04, 18.10, 19.04 |   apt/apt-get/dpkg            |                 YES                  |
| `Distroless`                   | Any                                      |   apt/apt-get/dpkg            |                 YES                  |


### Application Dependencies Vulnerabilities Detection

| Application Dependencies |
|--------------------------|
| `Bundler`                  |
| `Composer`                 |
| `Pipenv`                   |
| `Poetry`                   |
| `npm`                      |
| `yarn`                     |
| `Cargo`                    |

We use [Junit](https://junit.org/junit5/)'s XML report to display error report
directly in pipeline `Test` tab and in merge request widget

## Version