Commit 18bd95c0 authored by Pierre Smeyers's avatar Pierre Smeyers

Merge branch '96-use-recent-trivy-features' into 'master'

Resolve "Use recent Trivy features"

Closes #96

See merge request to-be-continuous/docker!129
parents 6b65acd2 87c4d9a0
+11 −9
@@ -993,15 +993,17 @@ docker-trivy:
    # Add common trivy arguments
    # The Java DB is downloaded client-side in client/server mode (https://github.com/aquasecurity/trivy/issues/3560), so we need to specify the Java DB repository
    export trivy_opts="${trivy_opts} ${DOCKER_TRIVY_JAVA_DB_REPOSITORY:+--java-db-repository $DOCKER_TRIVY_JAVA_DB_REPOSITORY} --no-progress --severity ${DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD} ${DOCKER_TRIVY_ARGS}"
    # GitLab format (no fail)
    trivy ${trivy_opts} --format template --exit-code 0 --template "@/contrib/gitlab.tpl" --output reports/docker-trivy-${basename}.gitlab.json $DOCKER_SNAPSHOT_IMAGE
    # JSON format (no fail)
    if [[ "$DEFECTDOJO_TRIVY_REPORTS" ]]
    then
      trivy ${trivy_opts} --format json --exit-code 0 --output reports/docker-trivy-${basename}.native.json $DOCKER_SNAPSHOT_IMAGE
    fi
    # console output (fail)
    trivy ${trivy_opts} --format table --exit-code 1 $DOCKER_SNAPSHOT_IMAGE

    # Generate the native JSON report that can later be converted to other formats
    trivy ${trivy_opts} --exit-code 1 --format json --output reports/docker-trivy-${basename}.native.json $DOCKER_SNAPSHOT_IMAGE || exit_code=$?

    # Generate a report in the GitLab format
    trivy convert --format template --template "@/contrib/gitlab.tpl" --output reports/docker-trivy-${basename}.gitlab.json reports/docker-trivy-${basename}.native.json

    # console output
    trivy convert --format table reports/docker-trivy-${basename}.native.json
    
    exit $exit_code
  artifacts:
    when: always
    paths:
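Review bot: `exit $exit_code` at the end of the script relies on a variable that the visible lines set only when the scan returns non-zero, so on a clean scan the job status falls through to whatever the last `trivy convert` returned, and an `exit_code` value already present in the job environment would decide the security gate instead. Initialising it before the scan with `exit_code=0` and ending with `exit "$exit_code"` makes the gate explicit. The same `|| exit_code=$?` also swallows scan errors that leave no native report behind (presumably a failed database download or image pull), so both `trivy convert` steps would then run against a missing file and the error shown would be the converter's rather than the scanner's. A guard such as `[[ -f "reports/docker-trivy-${basename}.native.json" ]] || exit "$exit_code"` before the conversions would keep the original failure visible. The script block starts above this hunk, so an earlier initialisation may already exist.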