pinniped/pipelines/shared-tasks/scan-image-trivy/task.yml
2024-10-31 10:36:18 -07:00


# Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
---
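# Concourse task: scans an image tarball with Trivy and fails the task when
# Trivy reports a vulnerability that is not listed in .trivyignore.
platform: linux

# NOTE(review): no `tag` or digest is set, so the registry-image resource
# resolves the scanner image at `latest`. This image decides pass/fail for
# everything scanned by the task, so consider pinning it, for example
#   tag: <TRIVY_VERSION>   # placeholder - choose and bump deliberately
# and keep the docs link under `params` in step with the pinned version.
image_resource:
  type: registry-image
  source:
    repository: docker.io/aquasec/trivy  # alternatively could use ghcr.io/aquasecurity/trivy

inputs:
  # Must contain image.tar, the archive the run script passes to Trivy.
  - name: image

# The task produces no artifacts; its result is the exit status of the script.
outputs: []

params:
  # No default is set; the pipeline is expected to supply the value. The script
  # below never reads it directly - presumably Trivy consumes it from the
  # environment (TODO confirm it is still needed now that the DB is pulled
  # from public.ecr.aws). Supply it from the credential manager, not inline.
  GITHUB_TOKEN:
  # Vulnerability IDs, one per line, written verbatim to .trivyignore.
  # Every entry silently suppresses a finding, so each ID added by a pipeline
  # should carry a justification and be revisited when a fix ships.
  # For format see https://aquasecurity.github.io/trivy/v0.24.2/vulnerability/examples/filter/#by-vulnerability-ids
  IGNORE_VULNERABILITY_IDS: ""

run:
  path: ash
  args:
    - -c
    - |
      set -euo pipefail

      # The heredoc delimiter is unquoted so the shell expands the param;
      # the expanded text is written as data and is not re-evaluated.
      cat <<EOF >.trivyignore
      ${IGNORE_VULNERABILITY_IDS}
      EOF

      # Print the suppressions in effect so each build log records exactly
      # which findings were ignored for this run.
      echo ".trivyignore file contents:"
      cat .trivyignore
      echo

      # --exit-code=1 without a --severity filter: any reported vulnerability
      #   that is not in .trivyignore fails the task.
      # --db-repository: the vulnerability DB is fetched from this registry at
      #   scan time, so the task needs network egress and the verdict depends
      #   on the DB contents at the moment of the run.
      # --scanners vuln: only vulnerability scanning is enabled.
      trivy image \
        --input=image/image.tar \
        --db-repository public.ecr.aws/aquasecurity/trivy-db \
        --exit-code=1 \
        --scanners vuln \
        --timeout=10m0s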