
# Copyright 2020-2026 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
---
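# Concourse task: scan a container image tarball with Trivy and fail the
# task when any vulnerability that is not explicitly ignored is reported.
platform: linux
image_resource:
  type: registry-image
  source:
    # Alternatively could use ghcr.io/aquasecurity/trivy.
    # NOTE(review): no tag or digest is set here, so the resource falls back to
    # its default tag and the scanner version can change between builds.
    # Consider pinning a reviewed tag or digest so scanner upgrades are a
    # deliberate, auditable change.
    repository: docker.io/aquasec/trivy
inputs:
  # Expected to provide image/image.tar, the tarball passed to --input below.
  - name: image
# The task produces no artifacts; its result is the exit status only.
outputs: []
params:
  # Finding IDs to suppress, written verbatim into .trivyignore by the script.
  # For format see https://trivy.dev/docs/latest/guide/configuration/filtering/#by-finding-ids
  # Every ID listed here hides a finding from the gate, so keep the list short
  # and reviewed. The script prints the file so the suppressions that were
  # applied are visible in the build log.
  IGNORE_VULNERABILITY_IDS: ""
run:
  path: ash
  # Script notes:
  # - set -euo pipefail aborts on any failed command or unset variable.
  # - The heredoc delimiter is unquoted, so the shell expands
  #   ${IGNORE_VULNERABILITY_IDS} into .trivyignore, the ignore file Trivy
  #   reads from the working directory by default.
  # - --exit-code=1 makes trivy exit non-zero when findings remain, which
  #   fails the task. No --severity filter is passed, so a finding of any
  #   severity fails it.
  # - --scanners vuln limits the run to vulnerability scanning.
  # - --db-repository selects where the vulnerability database is downloaded
  #   from, so the task needs network access to that registry at scan time.
  args:
    - -c
    - |
      set -euo pipefail
      cat <<EOF >.trivyignore
      ${IGNORE_VULNERABILITY_IDS}
      EOF
      echo ".trivyignore file contents:"
      cat .trivyignore
      echo
      trivy image \
        --input=image/image.tar \
        --db-repository public.ecr.aws/aquasecurity/trivy-db \
        --exit-code=1 \
        --scanners vuln \
        --timeout=10m0s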