Commit 4a14b1e8 authored by Girija Saint-Ange

Merge branch '111-use-native-json-for-trivy-as-specified-in-the-report-file-naming-convention' into 'master'

fix: use native.json for trivy as per naming convention

Closes #111

See merge request to-be-continuous/terraform!165
parents 975788d2 abdd3fb2
+1 −1
@@ -599,7 +599,7 @@ In addition to a textual report in the console, this job produces the following
| Report         | Format                                                                       | Usage             |
| -------------- | ---------------------------------------------------------------------------- | ----------------- |
| `$TF_PROJECT_DIR/reports/tf-trivy.codeclimate.json` | [Code Climate](https://github.com/aquasecurity/trivy/blob/main/contrib/gitlab-codequality.tpl) | [GitLab integration](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscodequality) |
| `$TF_PROJECT_DIR/reports/tf-trivy.trivy.json` | Trivy [JSON](https://trivy.dev/docs/latest/configuration/reporting/#json) report | [DefectDojo integration](https://docs.defectdojo.com/supported_tools/parsers/file/trivy/)<br/>_This report is generated only if DefectDojo template is detected_ |
| `$TF_PROJECT_DIR/reports/tf-trivy.native.json` | Trivy [JSON](https://trivy.dev/docs/latest/configuration/reporting/#json) report | [DefectDojo integration](https://docs.defectdojo.com/supported_tools/parsers/file/trivy/)<br/>_This report is generated only if DefectDojo template is detected_ |

### `tf-checkov` job

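Review bot: the renamed row for `$TF_PROJECT_DIR/reports/tf-trivy.native.json` still carries the note "This report is generated only if DefectDojo template is detected", but the `tf-trivy` script in this same commit writes that file on every run and uses it as the input to both `trivy convert` steps. Drop or reword that note so the table matches the job's behaviour. Since the change renames a documented output file, it would also help to state in this row or in the release notes that `tf-trivy.trivy.json` is no longer produced, so that anyone who configured a DefectDojo import against the old name knows to update it.
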
+3 −3
@@ -1247,11 +1247,11 @@ tf-trivy:
    - mkdir -p -m 777 reports
    - exit_code=0
    # Generate the native JSON report that can later be converted to other formats
    - trivy config --exit-code 1 --misconfig-scanners=terraform --format json --output reports/tf-trivy.trivy.json $TF_TRIVY_ARGS || exit_code=$?
    - trivy config --exit-code 1 --misconfig-scanners=terraform --format json --output reports/tf-trivy.native.json $TF_TRIVY_ARGS || exit_code=$?
    # generate report for GitLab
    - trivy convert --format template --template @/contrib/gitlab-codequality.tpl --output reports/tf-trivy.codeclimate.json reports/tf-trivy.trivy.json
    - trivy convert --format template --template @/contrib/gitlab-codequality.tpl --output reports/tf-trivy.codeclimate.json reports/tf-trivy.native.json
    # console output
    - trivy convert --format table reports/tf-trivy.trivy.json
    - trivy convert --format table reports/tf-trivy.native.json
    - exit $exit_code
  artifacts:
    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
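
Review bot: nothing in the visible script lines keeps the old `reports/tf-trivy.trivy.json` path available, so any downstream step that still reads that name will find no file once this lands. The hunk stops at `artifacts:`, so please confirm that the artifact paths below and any DefectDojo import configuration point at `reports/tf-trivy.native.json` or use a pattern that matches it. As a style point, the file name now appears three times in the script (the `--output` of `trivy config` and the input of both `trivy convert` calls); holding it in one shell variable set at the top of the script would make a future rename a one-line change and rule out a partial update.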