fix(kube): use make scan for trivy scan
parent
d252924f22
commit
92bec0f127
|
@ -121,37 +121,14 @@ String validateDockerfileWithHadolint(String dockerfile, Map options = [:]) {
|
|||
}
|
||||
|
||||
void runTrivyCheck(String imageName, String projectRepository, Map options = [:]) {
|
||||
String reportFile = ".trivy-report-${currentBuild.startTimeInMillis}.txt"
|
||||
|
||||
try {
|
||||
validateImageWithTrivy(imageName, ['reportFile': reportFile])
|
||||
} catch (err) {
|
||||
unstable("Image '${imageName}' failed validation !")
|
||||
} finally {
|
||||
String lintReport = ''
|
||||
|
||||
if (fileExists(reportFile)) {
|
||||
lintReport = """${lintReport}
|
||||
|
|
||||
|```
|
||||
|${readFile(reportFile)}
|
||||
|```"""
|
||||
} else {
|
||||
lintReport = """${lintReport}
|
||||
|
|
||||
|_Vérification échouée mais aucun rapport trouvé !?_ :thinking:"""
|
||||
}
|
||||
|
||||
String defaultReport = '_Rien à signaler !_ :thumbsup:'
|
||||
String report = """## Validation de l'image `${imageName}`
|
||||
|
|
||||
|${lintReport ?: defaultReport}
|
||||
""".stripMargin()
|
||||
|
||||
print report
|
||||
|
||||
if (env.CHANGE_ID) {
|
||||
gitea.commentPullRequest(projectRepository, env.CHANGE_ID, report)
|
||||
String currentBranch = env.BRANCH_NAME.replaceAll("[^a-zA-Z]+","_")
|
||||
stage("Scan with trivy '${imageName}:${imageTag}'") {
|
||||
utils.when(!dryRun) {
|
||||
retry(2) {
|
||||
sh """
|
||||
CURRENT_BRANCH=${currentBranch} make scan
|
||||
"""
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -164,6 +141,8 @@ String validateImageWithTrivy(String imageName, Map options = [:]) {
|
|||
Integer cacheMaxSize = options.get('cacheMaxSize', 250)
|
||||
String reportFile = options.get('reportFile', ".trivy-report-${currentBuild.startTimeInMillis}.txt")
|
||||
|
||||
|
||||
|
||||
cache(maxCacheSize: cacheMaxSize, defaultBranch: cacheDefaultBranch, caches: [
|
||||
[$class: 'ArbitraryFileCache', path: cacheDirectory, compressionMethod: 'TARGZ']
|
||||
]) {
|
||||
|
|
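Review bot: The new `stage` in `runTrivyCheck` leaves the scan outcome entirely to the exit status of `make scan`, and nothing visible in this hunk shows that the target fails on findings or keeps a report. Trivy exits 0 on findings unless it is run with `--exit-code`, so the Makefile target should be checked and the contract stated above the `sh` step, e.g. `// make scan must exit non-zero on findings (trivy --exit-code 1)`. `retry(2)` also re-runs a scan that failed because of findings, which is deterministic; a retry only helps with transient errors such as a failed database download. The sanitiser `replaceAll("[^a-zA-Z]+","_")` keeps the interpolation into the shell line safe, but it also strips digits, so `release-1` and `release-2` yield the same `CURRENT_BRANCH`, and it throws when `env.BRANCH_NAME` is unset; `String currentBranch = (env.BRANCH_NAME ?: 'unknown').replaceAll('[^a-zA-Z0-9]+', '_')` avoids both. `imageTag` and `dryRun` are used in the stage but are not parameters in the signature shown here, so they appear to rely on definitions outside the hunk.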