Commit 504d40af authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch '10-trivy-disable-telemetry-and-version-check' into 'master' 

Resolve "[Trivy] Disable telemetry and version check"

Closes #10

See merge request to-be-continuous/cnb!40
parents 56b5c066 1c156472

README.md

+1 −1
Original line number Diff line number Diff line
@@ -216,7 +216,7 @@ It is bound to the `package-test` stage, and uses the following variables: 
| ---------------------- | -------------------------------------- | ----------------- |

| `trivy-image` / `CNB_TRIVY_IMAGE` | The docker image used to scan images with Trivy | `docker.io/aquasec/trivy:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-CNB_TRIVY_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-CNB_TRIVY_IMAGE) |

| `trivy-disabled` / `CNB_TRIVY_DISABLED` | Set to `true` to disable Trivy analysis          | _(none)_ |

| `trivy-args` / `CNB_TRIVY_ARGS` | Additional [`trivy image` options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options) | `--ignore-unfixed --vuln-type os` |

| `trivy-args` / `CNB_TRIVY_ARGS` | Additional [`trivy image` options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options) | `--ignore-unfixed --vuln-type os --disable-telemetry --skip-version-check` |



Other Trivy parameters shall be configured using [Trivy environment variables](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options).

Examples:

kicker.json

+1 −1
Original line number Diff line number Diff line
@@ -56,7 +56,7 @@ 
        {

          "name": "CNB_TRIVY_ARGS",

          "description": "Additional [`trivy image` options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options)",

          "default": "--ignore-unfixed --vuln-type os --exit-on-eol 1",

          "default": "--ignore-unfixed --vuln-type os --exit-on-eol 1 --disable-telemetry --skip-version-check",

          "advanced": true

        }

      ]

templates/gitlab-ci-cnb.yml

+1 −1
Original line number Diff line number Diff line
@@ -59,7 +59,7 @@ spec: 
      default: docker.io/aquasec/trivy:latest

    trivy-args:

      description: Additional [`trivy image` options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options)

      default: --ignore-unfixed --vuln-type os --exit-on-eol 1

      default: --ignore-unfixed --vuln-type os --exit-on-eol 1 --disable-telemetry --skip-version-check

---

workflow:

  rules: