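--- a/templates/gitlab-ci-terraform.yml
+++ b/templates/gitlab-ci-terraform.yml
@@ -1109,16 +1109,14 @@ tf-trivy:
   needs: []
   script:
     - mkdir -p -m 777 reports
-    # maybe generate report for DefectDojo (non-failing)
-    - |
-      if [[ "$DEFECTDOJO_TRIVY_REPORTS" ]]
-      then
-        trivy config --exit-code 0 --misconfig-scanners=terraform --format json --output reports/tf-trivy.trivy.json $TF_TRIVY_ARGS
-      fi
-    # generate report for GitLab (non-failing)
-    - trivy config --exit-code 0 --misconfig-scanners=terraform --format template --template @/contrib/gitlab-codequality.tpl --output reports/tf-trivy.codeclimate.json $TF_TRIVY_ARGS
-    # console output & failing
-    - trivy config --exit-code 1 --misconfig-scanners=terraform $TF_TRIVY_ARGS
+    - exit_code=0
+    # Generate the native JSON report that can later be converted to other formats
+    - trivy config --exit-code 1 --misconfig-scanners=terraform --format json --output reports/tf-trivy.trivy.json $TF_TRIVY_ARGS || exit_code=$?
+    # generate report for GitLab
+    - trivy convert --format template --template @/contrib/gitlab-codequality.tpl --output reports/tf-trivy.codeclimate.json reports/tf-trivy.trivy.json
+    # console output
+    - trivy convert --format table reports/tf-trivy.trivy.json
+    - exit $exit_code
   artifacts:
     name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
     expire_in: 1 day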
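Review bot: The `|| exit_code=$?` on the new `trivy config` line records any non-zero status, so a scanner failure (for example a bad `$TF_TRIVY_ARGS`) is indistinguishable from reported misconfigurations. If no JSON report was written, the following `trivy convert` step then fails on the missing file before `exit $exit_code` is reached. The job should still fail closed under the runner's usual stop-on-error behaviour, but the log points at the conversion rather than the scan. A guard placed right after the scan, `- test -s reports/tf-trivy.trivy.json || { echo "trivy produced no report"; exit 1; }`, keeps the real cause visible. The final line also deserves a comment such as `# fail the job when the scan reported misconfigurations`, since the "& failing" wording was dropped from the console-output comment; whether the reports are uploaded on failure depends on `artifacts:` settings beyond this hunk.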