Commit 5ff8387a authored by Pierre Smeyers

docs: fix Trivy links (changed domain)

parent a69b1b92
+5 −5
@@ -289,7 +289,7 @@ In addition to a textual report in the console, this job produces the following

### `py-trivy` job (dependency check)

This job performs a dependency check analysis using [Trivy](https://aquasecurity.github.io/trivy).
This job performs a dependency check analysis using [Trivy](https://trivy.dev).
:warning:  This job is now **enabled by default** since version 7.0.0


@@ -299,12 +299,12 @@ It is bound to the `test` stage, and uses the following variables:
| ---------------- | ----------------------------------------------------------------------- | ----------------- |
| `trivy-disabled` / `PYTHON_TRIVY_DISABLED` | Set to `true` to disable Trivy job                                 | _none_ (enabled) |
| `trivy-dist-url` / `PYTHON_TRIVY_DIST_URL` | Url to the `tar.gz` package for `linux_amd64` of Trivy to use (ex: `https://github.com/aquasecurity/trivy/releases/download/v0.51.1/trivy_0.51.1_Linux-64bit.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ |
| `trivy-args` / `PYTHON_TRIVY_ARGS`       | Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/#options) | `--ignore-unfixed --pkg-types library --detection-priority comprehensive --disable-telemetry --skip-version-check`   |
| `trivy-args` / `PYTHON_TRIVY_ARGS`       | Additional [Trivy CLI options](https://trivy.dev/docs/latest/references/configuration/cli/trivy_filesystem/#options) | `--ignore-unfixed --pkg-types library --detection-priority comprehensive --disable-telemetry --skip-version-check`   |

Other Trivy parameters shall be configured using [Trivy environment variables](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/#options).
Other Trivy parameters shall be configured using [Trivy environment variables](https://trivy.dev/docs/latest/references/configuration/cli/trivy_filesystem/#options).
Examples:
* `TRIVY_SEVERITY`: severities of security issues to be displayed (comma separated values: `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`)
* `TRIVY_SERVER`: server address (enables [client/server mode](https://trivy.dev/latest/docs/references/modes/client-server/))
* `TRIVY_SERVER`: server address (enables [client/server mode](https://trivy.dev/docs/latest/references/modes/client-server/))
* `TRIVY_DB_REPOSITORY`: OCI repository to retrieve Trivy Database from
* ...

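Review bot: The "Trivy environment variables" sentence still links to `cli/trivy_filesystem/#options`, the same CLI options page as the `trivy-args` row, so the link text and its target disagree both before and after this change. Since the line is being touched anyway, either reword it to say the `TRIVY_*` variables correspond to the CLI options listed there, or point it at a page that documents the environment variables directly.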
@@ -315,7 +315,7 @@ In addition to a textual report in the console, this job produces the following

| Report         | Format                                                                       | Usage             |
| -------------- | ---------------------------------------------------------------------------- | ----------------- |
| `$PYTHON_PROJECT_DIR/reports/py-trivy.trivy.json` | [JSON](https://aquasecurity.github.io/trivy/latest/docs/configuration/reporting/#json) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/trivy/)<br/>_This report is generated only if DefectDojo template is detected_ |
| `$PYTHON_PROJECT_DIR/reports/py-trivy.trivy.json` | [JSON](https://trivy.dev/docs/latest/configuration/reporting/#json) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/trivy/)<br/>_This report is generated only if DefectDojo template is detected_ |

### `py-sbom` job

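Review bot: The JSON report link changes more than the host: the path goes from `latest/docs/configuration/reporting/` to `docs/latest/configuration/reporting/`, while the commit message mentions only a domain change. Please confirm the `#json` anchor still resolves on the new page, and mention the path reorder in the commit message so a later reader does not treat these as a plain host rewrite.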
+2 −2
@@ -147,7 +147,7 @@
    {
      "id": "trivy",
      "name": "Trivy",
      "description": "Detect security vulnerabilities with [Trivy](https://aquasecurity.github.io/trivy) (dependencies analysis)",
      "description": "Detect security vulnerabilities with [Trivy](https://trivy.dev) (dependencies analysis)",
      "disable_with": "PYTHON_TRIVY_DISABLED",
      "variables": [
        {
@@ -157,7 +157,7 @@
        },
        {
          "name": "PYTHON_TRIVY_ARGS",
          "description": "Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/)",
          "description": "Additional [Trivy CLI options](https://trivy.dev/docs/latest/references/configuration/cli/trivy_filesystem/)",
          "default": "--ignore-unfixed --pkg-types library --detection-priority comprehensive --disable-telemetry --skip-version-check",
          "advanced": true
        }
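Review bot: The `PYTHON_TRIVY_ARGS` description links to `cli/trivy_filesystem/` without the `#options` anchor, while the documentation table row for `trivy-args` earlier in this commit uses `cli/trivy_filesystem/#options`. Suggest adding `#options` here so both descriptions of the same variable land on the same section.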
+2 −1
@@ -120,7 +120,7 @@ spec:
        _When unset, the latest version will be used_
      default: ''
    trivy-args:
      description: Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/)
      description: Additional [Trivy CLI options](https://trivy.dev/docs/latest/references/configuration/cli/trivy_filesystem/)
      default: --ignore-unfixed --pkg-types library --detection-priority comprehensive --disable-telemetry --skip-version-check
    sbom-disabled:
      description: Disable Software Bill of Materials
@@ -1187,6 +1187,7 @@ stages:
    when: always
    paths:
      - .cache
      - $PYTHON_PROJECT_DIR/.venv
  before_script:
    - !reference [.python-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
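Review bot: The `- $PYTHON_PROJECT_DIR/.venv` entry under the cache `paths:` is a pipeline behaviour change in a commit titled "docs: fix Trivy links"; given the +2 −1 stat it appears to be the one line here that is not a link update. It should go in its own commit with a message explaining why the virtualenv is now cached. Note also that with `when: always` the `.venv` directory is saved even when the job fails, so later jobs, including the dependency scan, can restore an environment left by a failed or partial install; the cache key is outside the visible lines, so please check that it is tied to the dependency lock file.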