Commit 4ac078c7 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch '99-limit-security-reports-access-to-developer-role-and-above' into 'master' 

Resolve "Limit security reports access to developer role and above"

Closes #99

See merge request to-be-continuous/docker!132
parents 421473a3 29a3173e

README.md

+2 −2
Original line number Diff line number Diff line
@@ -296,7 +296,7 @@ FROM ubuntu 
RUN cd /tmp && echo "hello!"

```



In addition to a textual report in the console, this job produces the following reports, kept for one day:

In addition to a textual report in the console, this job produces the following reports, kept for one day and only available for download by users with the Developer role or higher:



| Report                                       | Format                               | Usage                                                                                                                                                                          |

| -------------------------------------------- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
@@ -434,7 +434,7 @@ It is bound to the `package-test` stage, and uses the following variables: 
| `trivy-db-repository` / `DOCKER_TRIVY_DB_REPOSITORY`                       | OCI repository to retrieve Trivy Database from                                                                         | _none_ (use Trivy default `ghcr.io/aquasecurity/trivy-db`)          |

| `trivy-java-db-repository` / `DOCKER_TRIVY_JAVA_DB_REPOSITORY`             | OCI repository to retrieve Trivy Java Database from                                                                    | _none_ (use Trivy default `ghcr.io/aquasecurity/trivy-java-db:1`)\_ |



In addition to a textual report in the console, this job produces the following reports, kept for one day:

In addition to a textual report in the console, this job produces the following reports, kept for one day and only available for download by users with the Developer role or higher:



| Report                               | Format                                                                                                             | Usage                                                                                                                                                                       |

| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

templates/gitlab-ci-docker.yml

+2 −0
Original line number Diff line number Diff line
@@ -786,6 +786,7 @@ docker-hadolint: 
  artifacts:

    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"

    expire_in: 1 day

    access: developer

    when: always

    reports:

      codequality:
@@ -1018,6 +1019,7 @@ docker-trivy: 
  artifacts:

    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"

    expire_in: 1 day

    access: developer

    when: always

    paths:

    - "reports/docker-trivy-*"