fix(kube): use make scan for trivy scan

This commit is contained in:
Philippe Caseiro 2023-06-19 16:59:05 +02:00
parent d252924f22
commit 92bec0f127
1 changed files with 10 additions and 31 deletions


@ -121,37 +121,14 @@ String validateDockerfileWithHadolint(String dockerfile, Map options = [:]) {
}
void runTrivyCheck(String imageName, String projectRepository, Map options = [:]) {
String reportFile = ".trivy-report-${currentBuild.startTimeInMillis}.txt"
try {
validateImageWithTrivy(imageName, ['reportFile': reportFile])
} catch (err) {
unstable("Image '${imageName}' failed validation !")
} finally {
String lintReport = ''
if (fileExists(reportFile)) {
lintReport = """${lintReport}
|
|```
|${readFile(reportFile)}
|```"""
} else {
lintReport = """${lintReport}
|
|_Vérification échouée mais aucun rapport trouvé !?_ :thinking:"""
String currentBranch = env.BRANCH_NAME.replaceAll("[^a-zA-Z]+","_")
stage("Scan with trivy '${imageName}:${imageTag}'") {
utils.when(!dryRun) {
retry(2) {
sh """
CURRENT_BRANCH=${currentBranch} make scan
"""
}
String defaultReport = '_Rien à signaler !_ :thumbsup:'
String report = """## Validation de l'image `${imageName}`
|
|${lintReport ?: defaultReport}
""".stripMargin()
print report
if (env.CHANGE_ID) {
gitea.commentPullRequest(projectRepository, env.CHANGE_ID, report)
}
}
}
@ -164,6 +141,8 @@ String validateImageWithTrivy(String imageName, Map options = [:]) {
Integer cacheMaxSize = options.get('cacheMaxSize', 250)
String reportFile = options.get('reportFile', ".trivy-report-${currentBuild.startTimeInMillis}.txt")
cache(maxCacheSize: cacheMaxSize, defaultBranch: cacheDefaultBranch, caches: [
[$class: 'ArbitraryFileCache', path: cacheDirectory, compressionMethod: 'TARGZ']
]) {