Commit 7964e980 authored by Bertrand Goareguer's avatar Bertrand Goareguer
Browse files

fix(trivy): disable telemetry and version check

parent 64d0a5b6

README.md

+1 −1
Original line number Diff line number Diff line
@@ -297,7 +297,7 @@ It is bound to the `test` stage, and uses the following variables: 
| ---------------- | ----------------------------------------------------------------------- | ----------------- |

| `trivy-disabled` / `PYTHON_TRIVY_DISABLED` | Set to `true` to disable Trivy job                                 | _none_ (enabled) |

| `trivy-dist-url` / `PYTHON_TRIVY_DIST_URL` | Url to the `tar.gz` package for `linux_amd64` of Trivy to use (ex: `https://github.com/aquasecurity/trivy/releases/download/v0.51.1/trivy_0.51.1_Linux-64bit.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ |

| `trivy-args` / `PYTHON_TRIVY_ARGS`       | Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/#options) | `--ignore-unfixed --pkg-types library --detection-priority comprehensive`   |

| `trivy-args` / `PYTHON_TRIVY_ARGS`       | Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/#options) | `--ignore-unfixed --pkg-types library --detection-priority comprehensive --disable-telemetry --skip-version-check`   |



Other Trivy parameters shall be configured using [Trivy environment variables](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/#options).

Examples:

kicker.json

+1 −1
Original line number Diff line number Diff line
@@ -151,7 +151,7 @@ 
        {

          "name": "PYTHON_TRIVY_ARGS",

          "description": "Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/)",

          "default": "--ignore-unfixed --pkg-types library --detection-priority comprehensive",

          "default": "--ignore-unfixed --pkg-types library --detection-priority comprehensive --disable-telemetry --skip-version-check",

          "advanced": true

        }

      ]

templates/gitlab-ci-python.yml

+1 −1
Original line number Diff line number Diff line
@@ -110,7 +110,7 @@ spec: 
      default: ''

    trivy-args:

      description: Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/)

      default: --ignore-unfixed --pkg-types library --detection-priority comprehensive

      default: --ignore-unfixed --pkg-types library --detection-priority comprehensive --disable-telemetry --skip-version-check

    sbom-disabled:

      description: Disable Software Bill of Materials

      type: boolean