Commit 4d7f6581 authored Aug 18, 2025 by Clement Bois

Merge branch 'feat/trivy-codequality-report' into 'master'

feat: trivy codequality report

Closes #137

See merge request to-be-continuous/docker!163

parents 1457e800 c450fb9e

README.md

+5 −4

Original line number	Diff line number	Diff line
		@@ -471,9 +471,10 @@ It's possible to ignore some CVE by adding a `.trivyignore` file at the root of
		In addition to a textual report in the console, this job produces the following reports, kept for one day and only available for download by users with the Developer role or higher:

		\| Report \| Format \| Usage \|
		\| ------------------------------------ \| ------------------------------------------------------------------------------------------------------------------ \| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- \|
		\| `reports/docker-trivy-*.native.json` \| native Trivy report format (json) \| [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/trivy/)<br/>_This report is generated only if DefectDojo template is detected_ \|
		\| `reports/docker-trivy-*.gitlab.json` \| [Trivy report format for GitLab](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format \| [GitLab integration](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscontainer_scanning) \|
		\| ----------------------------------------- \| ----------------------------------------------------------------------------------------------------------------------------------------- \| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- \|
		\| `reports/docker-trivy-*.native.json` \| Native Trivy report format (json) \| [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/trivy/)<br/>_This report is generated only if DefectDojo template is detected_ \|
		\| `reports/docker-trivy-*.gitlab.json` \| [Trivy report format for GitLab Container Security](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format \| [GitLab Container Security](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscontainer_scanning) \|
		\| `reports/docker-trivy-*.gitlab-codequality.json` \| [Trivy report format for GitLab Code Quality](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format \| [GitLab Code Quality](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscodequality) \|

		### `docker-sbom` job

templates/gitlab-ci-docker.yml

+3 −0

Original line number	Diff line number	Diff line
		@@ -1267,6 +1267,8 @@ docker-trivy:

		# Generate a report in the GitLab format
		trivy convert --format template --template "@/contrib/gitlab.tpl" --output reports/docker-trivy-${basename}.gitlab.json reports/docker-trivy-${basename}.native.json
		# Generate a report in the Code Quality format
		trivy convert --format template --template "@/contrib/gitlab-codequality.tpl" --output reports/docker-trivy-${basename}.gitlab-codequality.json reports/docker-trivy-${basename}.native.json

		# console output
		trivy convert --format table reports/docker-trivy-${basename}.native.json
		@@ -1281,6 +1283,7 @@ docker-trivy:
		- "reports/docker-trivy-*"
		reports:
		container_scanning: "reports/docker-trivy-*.gitlab.json"
		codequality: "reports/docker-trivy-*.gitlab-codequality.json"
		cache:
		- key: "$CI_COMMIT_REF_SLUG-trivy"
		paths: