Loading docs/jobs/build/mkdocs.md +18 −15 Original line number Diff line number Diff line Loading @@ -17,36 +17,39 @@ Mkdocs](https://squidfunk.github.io/mkdocs-material/) are ready to use. /mkdocs.yml # This is your configuration file /docs/ # This folder contains all your documentation markdown files ``` 2. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting started](/getting-started)). You can use a specific version from [version list](#versions). Example with default (`latest`): 2. Choose a version in [version list](#versions) 3. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting started](/getting-started)). Example: ```yaml include: - remote: 'https://jobs.go2scale.io/mkdocs.yml' ``` 3. If you need set variables, see [Jobs customization](/getting-started#jobs-customization) section in getting started ## Jobs 4. If you need to customize the job (stage, variables, ...) 👉 check the [jobs customization](/getting-started/#jobs-customization) ### Documentation 5. Well done, your job is ready to work ! 😀 Build HTML documentation from Makdown source using `Mkdocs`. ## Job details * Job name: `mkdocs` * Docker image: [squidfunk/mkdocs-material](https://hub.docker.com/r/squidfunk/mkdocs-material) * When: always * Stage: build * Artifacts: * Result of documentation build exposed as `Documentation` * Variables: [`squidfunk/mkdocs-material`](https://hub.docker.com/r/squidfunk/mkdocs-material) * Default stage: `build` * When: `always` ### Variables | Name | Description | Default | | ---- | ----------- | ------- | | `DOCUMENTATION_DISABLE` | Disable build | | ### Artifacts Result of documentation build is [exposed as](https://docs.gitlab.com/ee/ci/yaml/#artifactsexpose_as) `Documentation` in merge requests ## Versions Loading docs/jobs/deployment/pages.md +11 −11 Original line number Diff line number Diff line Loading @@ -12,7 +12,7 @@ from previous job named `documentation`. documentation to publish as artifact. Example: [Mkdocs](/jobs/mkdocs/) 1. Choose a version in [version list](#versions) 2. Add the corresponding url to your `.gitlab-ci.yml` file (see [Getting 3. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting started](/getting-started)). Example: ```yaml Loading @@ -20,20 +20,20 @@ from previous job named `documentation`. - remote: 'https://jobs.go2scale.io/pages.yml' ``` 3. If you need set variables in jobs, use `variables` option in `.gitlab-ci.yml` file 4. If you need to customize the job (stage, variables, ...) 👉 check the [jobs customization](/getting-started/#jobs-customization) ## Jobs 5. Well done, your job is ready to work ! 😀 ### Pages * Docker image: [ruby](https://hub.docker.com/_/ruby) ## Job details * Job name: `pages` * Docker image: [`ruby`](https://hub.docker.com/_/ruby) * Stage: `deployment` * When: only run on `master` branch * Stage: deployment * Artifacts: * Result of documentation from previous job. It's used as input for Gitlab pages * Variables: ### Variables: | Name | Description | Default | | ---- | ----------- | ------- | Loading docs/jobs/dynamic_tests/trivy.md +29 −70 Original line number Diff line number Diff line # 🧱 Trivy # 🧱 Trivy image analysis ## Description [Trivy](https://github.com/aquasecurity/trivy) is a Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI ##### By default, this job * Is avaible for any edition of GitLab * Is 100% autonom - you don't have any updates or config to do, but obviously you can change the values of the variables or configure your own script * Analysis with [Trivy](https://github.com/aquasecurity/trivy) the GitLab's repo (image or/and filesystem) at every commit to detect vulnerabilities * Displays a report in pipeline window and merge request (junit.xml format) * Fails if at least one security issue is found Run a security issue detection in a docker image using [Trivy](https://github.com/aquasecurity/trivy), a Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts. More details on Trivy vulnerability detection capabilities are available in its official [README](https://github.com/aquasecurity/trivy#vulnerability-detection) !!! warning With the default configuration, this job will fail if errors are detected. It's the recommended configuration to reduce security risks in your software. You can disable this behaviour by setting the value `0` to the variable `TRIVY_EXIT_CODE`. ## How to use it 1. Please check supported OS and packages (see list below) 2. Please check variables config (see list below) 3. Add the corresponding url to your `.gitlab-ci.yml` file 1. Check supported OS and packages [here](https://github.com/aquasecurity/trivy#vulnerability-detection) 2. Choose a version in [version list](#versions) 3. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting started](/getting-started)). Example: ```yaml include: - remote: 'https://jobs.go2scale.io/trivy.yml' ``` 4. Well done, it's finished ! 😀 4. If you need to customize the job (stage, variables, ...) 👉 check the [jobs customization](/getting-started/#jobs-customization) 5. Well done, your job is ready to work ! 😀 ### Variables Description ## Job details #### Main Variables * Job name: `trivy_image` * Docker image: [`docker`](https://hub.docker.com/_/docker) * Default stage: `dynamic_tests` ### Variables | VARIABLE NAME | DESCRIPTION | DEFAULT VALUE | | ------------- | ----------- | ------------- | Loading @@ -43,12 +53,6 @@ | `TRIVY_FORMAT` | Format (table, json, template) | template | | `TEMPLATE_NAME` | Name of used template | junit.tpl | | `TRIVY_CLEAR_CACHE` | Clear image caches without scanning | false | #### Secondary Variables | VARIABLE NAME | DESCRIPTION | DEFAULT VALUE | | ------------- | ----------- | ------------- | | `TRIVY_IGNORE_UNFIXED` | Display only fixed vulnerabilities | false | | `TRIVY_DEBUG` | Debug mode | false | | `DOCKER_HOST` | Daemon socket to connect to | tcp://docker:2375 | Loading @@ -60,55 +64,10 @@ | `TRIVY_SKIP_UPDATE` | Skip vulnerability database update | false | | `TRIVY_REMOVED_PKGS` | Detect vulns of Alpine removed packages | false | ### Artifacts ### Reports By default we use [Junit](https://junit.org/junit5/)'s xml report 1. When you launch this Trivy job, a `junit.tpl` file is downloaded from [Trivy](https://github.com/aquasecurity/trivy)'s repo in current directory 2. This template is used to display report in pipeline window and merge request ##### Default reporting config ```yaml artifacts: reports: junit: junit-report.xml expire_in: 30 days when: always ``` ### OS Packages Vulnerabilities Detection | OS Packages | Supported Versions | Target Packages | Detection of unfixed vulnerabilities | | ---------------------------- | ---------------------------------------- | ----------------------------- | :----------------------------------: | | `Alpine Linux` | 2.2 - 2.7, 3.0 - 3.12 | apk | NO | | `Red Hat Universal Base Image` | 7, 8 | yum/rpm | YES | | `Red Hat Enterprise Linux` | 6, 7, 8 | yum/rpm | YES | | `CentOS` | 6, 7 | yum/rpm | YES | | `Oracle Linux` | 5, 6, 7, 8 | yum/rpm | NO | | `Amazon Linux` | 1, 2 | yum/rpm | NO | | `openSUSE Leap` | 42, 15 | zypper/rpm | NO | | `SUSE Enterprise Linux` | 11, 12, 15 | zypper/rpm | NO | | `Photon OS` | 1.0, 2.0, 3.0 | tdnf/yum/rpm | NO | | `Debian GNU/Linux` | wheezy, jessie, stretch, buster | apt/apt-get/dpkg | YES | | `Ubuntu` | 12.04, 14.04, 16.04, 18.04, 18.10, 19.04 | apt/apt-get/dpkg | YES | | `Distroless` | Any | apt/apt-get/dpkg | YES | ### Application Dependencies Vulnerabilities Detection | Application Dependencies | |--------------------------| | `Bundler` | | `Composer` | | `Pipenv` | | `Poetry` | | `npm` | | `yarn` | | `Cargo` | We use [Junit](https://junit.org/junit5/)'s XML report to display error report directly in pipeline `Test` tab and in merge request widget ## Version Loading Loading
docs/jobs/build/mkdocs.md +18 −15 Original line number Diff line number Diff line Loading @@ -17,36 +17,39 @@ Mkdocs](https://squidfunk.github.io/mkdocs-material/) are ready to use. /mkdocs.yml # This is your configuration file /docs/ # This folder contains all your documentation markdown files ``` 2. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting started](/getting-started)). You can use a specific version from [version list](#versions). Example with default (`latest`): 2. Choose a version in [version list](#versions) 3. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting started](/getting-started)). Example: ```yaml include: - remote: 'https://jobs.go2scale.io/mkdocs.yml' ``` 3. If you need set variables, see [Jobs customization](/getting-started#jobs-customization) section in getting started ## Jobs 4. If you need to customize the job (stage, variables, ...) 👉 check the [jobs customization](/getting-started/#jobs-customization) ### Documentation 5. Well done, your job is ready to work ! 😀 Build HTML documentation from Makdown source using `Mkdocs`. ## Job details * Job name: `mkdocs` * Docker image: [squidfunk/mkdocs-material](https://hub.docker.com/r/squidfunk/mkdocs-material) * When: always * Stage: build * Artifacts: * Result of documentation build exposed as `Documentation` * Variables: [`squidfunk/mkdocs-material`](https://hub.docker.com/r/squidfunk/mkdocs-material) * Default stage: `build` * When: `always` ### Variables | Name | Description | Default | | ---- | ----------- | ------- | | `DOCUMENTATION_DISABLE` | Disable build | | ### Artifacts Result of documentation build is [exposed as](https://docs.gitlab.com/ee/ci/yaml/#artifactsexpose_as) `Documentation` in merge requests ## Versions Loading
docs/jobs/deployment/pages.md +11 −11 Original line number Diff line number Diff line Loading @@ -12,7 +12,7 @@ from previous job named `documentation`. documentation to publish as artifact. Example: [Mkdocs](/jobs/mkdocs/) 1. Choose a version in [version list](#versions) 2. Add the corresponding url to your `.gitlab-ci.yml` file (see [Getting 3. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting started](/getting-started)). Example: ```yaml Loading @@ -20,20 +20,20 @@ from previous job named `documentation`. - remote: 'https://jobs.go2scale.io/pages.yml' ``` 3. If you need set variables in jobs, use `variables` option in `.gitlab-ci.yml` file 4. If you need to customize the job (stage, variables, ...) 👉 check the [jobs customization](/getting-started/#jobs-customization) ## Jobs 5. Well done, your job is ready to work ! 😀 ### Pages * Docker image: [ruby](https://hub.docker.com/_/ruby) ## Job details * Job name: `pages` * Docker image: [`ruby`](https://hub.docker.com/_/ruby) * Stage: `deployment` * When: only run on `master` branch * Stage: deployment * Artifacts: * Result of documentation from previous job. It's used as input for Gitlab pages * Variables: ### Variables: | Name | Description | Default | | ---- | ----------- | ------- | Loading
docs/jobs/dynamic_tests/trivy.md +29 −70 Original line number Diff line number Diff line # 🧱 Trivy # 🧱 Trivy image analysis ## Description [Trivy](https://github.com/aquasecurity/trivy) is a Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI ##### By default, this job * Is avaible for any edition of GitLab * Is 100% autonom - you don't have any updates or config to do, but obviously you can change the values of the variables or configure your own script * Analysis with [Trivy](https://github.com/aquasecurity/trivy) the GitLab's repo (image or/and filesystem) at every commit to detect vulnerabilities * Displays a report in pipeline window and merge request (junit.xml format) * Fails if at least one security issue is found Run a security issue detection in a docker image using [Trivy](https://github.com/aquasecurity/trivy), a Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts. More details on Trivy vulnerability detection capabilities are available in its official [README](https://github.com/aquasecurity/trivy#vulnerability-detection) !!! warning With the default configuration, this job will fail if errors are detected. It's the recommended configuration to reduce security risks in your software. You can disable this behaviour by setting the value `0` to the variable `TRIVY_EXIT_CODE`. ## How to use it 1. Please check supported OS and packages (see list below) 2. Please check variables config (see list below) 3. Add the corresponding url to your `.gitlab-ci.yml` file 1. Check supported OS and packages [here](https://github.com/aquasecurity/trivy#vulnerability-detection) 2. Choose a version in [version list](#versions) 3. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting started](/getting-started)). Example: ```yaml include: - remote: 'https://jobs.go2scale.io/trivy.yml' ``` 4. Well done, it's finished ! 😀 4. If you need to customize the job (stage, variables, ...) 👉 check the [jobs customization](/getting-started/#jobs-customization) 5. Well done, your job is ready to work ! 😀 ### Variables Description ## Job details #### Main Variables * Job name: `trivy_image` * Docker image: [`docker`](https://hub.docker.com/_/docker) * Default stage: `dynamic_tests` ### Variables | VARIABLE NAME | DESCRIPTION | DEFAULT VALUE | | ------------- | ----------- | ------------- | Loading @@ -43,12 +53,6 @@ | `TRIVY_FORMAT` | Format (table, json, template) | template | | `TEMPLATE_NAME` | Name of used template | junit.tpl | | `TRIVY_CLEAR_CACHE` | Clear image caches without scanning | false | #### Secondary Variables | VARIABLE NAME | DESCRIPTION | DEFAULT VALUE | | ------------- | ----------- | ------------- | | `TRIVY_IGNORE_UNFIXED` | Display only fixed vulnerabilities | false | | `TRIVY_DEBUG` | Debug mode | false | | `DOCKER_HOST` | Daemon socket to connect to | tcp://docker:2375 | Loading @@ -60,55 +64,10 @@ | `TRIVY_SKIP_UPDATE` | Skip vulnerability database update | false | | `TRIVY_REMOVED_PKGS` | Detect vulns of Alpine removed packages | false | ### Artifacts ### Reports By default we use [Junit](https://junit.org/junit5/)'s xml report 1. When you launch this Trivy job, a `junit.tpl` file is downloaded from [Trivy](https://github.com/aquasecurity/trivy)'s repo in current directory 2. This template is used to display report in pipeline window and merge request ##### Default reporting config ```yaml artifacts: reports: junit: junit-report.xml expire_in: 30 days when: always ``` ### OS Packages Vulnerabilities Detection | OS Packages | Supported Versions | Target Packages | Detection of unfixed vulnerabilities | | ---------------------------- | ---------------------------------------- | ----------------------------- | :----------------------------------: | | `Alpine Linux` | 2.2 - 2.7, 3.0 - 3.12 | apk | NO | | `Red Hat Universal Base Image` | 7, 8 | yum/rpm | YES | | `Red Hat Enterprise Linux` | 6, 7, 8 | yum/rpm | YES | | `CentOS` | 6, 7 | yum/rpm | YES | | `Oracle Linux` | 5, 6, 7, 8 | yum/rpm | NO | | `Amazon Linux` | 1, 2 | yum/rpm | NO | | `openSUSE Leap` | 42, 15 | zypper/rpm | NO | | `SUSE Enterprise Linux` | 11, 12, 15 | zypper/rpm | NO | | `Photon OS` | 1.0, 2.0, 3.0 | tdnf/yum/rpm | NO | | `Debian GNU/Linux` | wheezy, jessie, stretch, buster | apt/apt-get/dpkg | YES | | `Ubuntu` | 12.04, 14.04, 16.04, 18.04, 18.10, 19.04 | apt/apt-get/dpkg | YES | | `Distroless` | Any | apt/apt-get/dpkg | YES | ### Application Dependencies Vulnerabilities Detection | Application Dependencies | |--------------------------| | `Bundler` | | `Composer` | | `Pipenv` | | `Poetry` | | `npm` | | `yarn` | | `Cargo` | We use [Junit](https://junit.org/junit5/)'s XML report to display error report directly in pipeline `Test` tab and in merge request widget ## Version Loading