

Merge branch 'feature/136_trivy_integration' into feature/136_fix_groovy_build
alexander-dammeier committed Nov 28, 2024
2 parents a4651bd + 6cbd37d commit 57db423
Showing 2 changed files with 10 additions and 18 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0


## [Unreleased]
### Added
- Add Trivy class for scanning container images with Trivy
- Combines the functionality of the findVulnerabilitiesWithTrivy function and the Trivy class of the dogu-build-lib

### Deprecated
- findVulnerabilitiesWithTrivy function is deprecated now. Please use the new Trivy class.

## [3.1.0](https://github.com/cloudogu/ces-build-lib/releases/tag/3.0.0) - 2024-11-25
### Added
22 changes: 4 additions & 18 deletions vars/findVulnerabilitiesWithTrivy.groovy
Expand Up @@ -10,8 +10,8 @@ ArrayList call (Map args) {
if(args.containsKey('allowList'))
error "Arg allowList is deprecated, please use .trivyignore file"
def imageName = args.imageName
def trivyVersion = args.trivyVersion ? args.trivyVersion : '0.55.2'
def severityFlag = args.severity ? "--severity=${args.severity.join(',')}" : ''
def trivyVersion = args.trivyVersion ? args.trivyVersion : '0.57.1'
def severityFlag = args.severity ? "${args.severity.join(',')}" : ''
def additionalFlags = args.additionalFlags ? args.additionalFlags : ''
println(severityFlag)

Expand All @@ -27,7 +27,8 @@ ArrayList call (Map args) {

ArrayList getVulnerabilities(String trivyVersion, String severityFlag, String additionalFlags,String imageName) {
// this runs trivy and creates an output file with found vulnerabilities
runTrivyInDocker(trivyVersion, severityFlag, additionalFlags, imageName)
Trivy trivy = new Trivy(this, trivyVersion)
trivy.scanImage(imageName, severityFlag, TrivyScanStrategy.UNSTABLE, additionalFlags, "${env.WORKSPACE}/.trivy/trivyOutput.json")

def trivyOutput = readJSON file: "${env.WORKSPACE}/.trivy/trivyOutput.json"

Expand All @@ -42,21 +43,6 @@ ArrayList getVulnerabilities(String trivyVersion, String severityFlag, String ad

}




def runTrivyInDocker(String trivyVersion, severityFlag, additionalFlags, imageName) {
new Docker(this).image("aquasec/trivy:${trivyVersion}")
.mountJenkinsUser()
.mountDockerSocket()
.inside("-v ${env.WORKSPACE}/.trivy/.cache:/root/.cache/") {

sh "trivy image -f json -o .trivy/trivyOutput.json ${severityFlag} ${additionalFlags} ${imageName}"
}
}



static boolean validateArgs(Map args) {
return !(args == null || args.imageName == null || args.imageName == '')
}
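Review bot: The output path `"${env.WORKSPACE}/.trivy/trivyOutput.json"` is now spelled out twice in the second hunk, once at the `trivy.scanImage(...)` call and again at `readJSON file:`; hoist it into a local such as `def trivyOutputFile = "${env.WORKSPACE}/.trivy/trivyOutput.json"` and pass that to both calls so the scan and the read cannot drift apart. The same call passes `TrivyScanStrategy.UNSTABLE`, which — if it does what its name suggests — changes how a scan with findings affects the build compared with the removed `sh "trivy image ..."` step, and neither the call nor the changelog's deprecation entry says so; a one-line comment at the call (`// findings mark the build UNSTABLE instead of failing the step`) would tell callers of the deprecated function what to expect. In the first hunk `severityFlag` no longer carries the `--severity=` prefix, so the name is now misleading and the GString around `args.severity.join(',')` is redundant; it is also worth confirming that `scanImage` treats the empty-string default as "all severities" rather than as an invalid value, since the Trivy class is not visible here. Previously `additionalFlags` and `imageName` were interpolated unquoted into the shell command; whether `scanImage` still does that for caller-supplied values should be checked in the Trivy class. `getVulnerabilities` continues past the end of the second hunk.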
