From 32564adceb004fb92cb692f7b660619d5bed1511 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EB=B3=80=EC=A0=95=ED=9B=88?=
Date: Tue, 31 Jan 2023 05:15:05 +0000
Subject: [PATCH] trivy.yaml add

---
 clustertask/trivy.yaml | 46 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 clustertask/trivy.yaml

diff --git a/clustertask/trivy.yaml b/clustertask/trivy.yaml
new file mode 100644
index 0000000..9ec1265
--- /dev/null
+++ b/clustertask/trivy.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: ClusterTask
+metadata:
+  name: trivy-scanner
+  labels:
+    app.kubernetes.io/version: "0.1"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.12.1"
+    tekton.dev/categories: Security
+    tekton.dev/tags: CLI, trivy
+    tekton.dev/displayName: "trivy scanner"
+    tekton.dev/platforms: "linux/amd64"
+spec:
+  description: >-
+    Trivy is a simple and comprehensive scanner for
+    vulnerabilities in container images,file systems
+    ,and Git repositories, as well as for configuration issues.
+
+    This task can be used to scan for vulnenrabilities on the source code
+    in stand alone mode.
+  workspaces:
+    - name: manifest-dir
+  params:
+    - name: ARGS
+      description: The Arguments to be passed to Trivy command.
+      type: array
+    - name: TRIVY_IMAGE
+      default: docker.io/aquasec/trivy@sha256:dea76d4b50c75125cada676a87ac23de2b7ba4374752c6f908253c3b839201d9
+      description: Trivy scanner image to be used
+    - name: IMAGE_PATH
+      description: Image or Path to be scanned by trivy.
+      type: string
+  steps:
+    - name: trivy-scan
+      image: $(params.TRIVY_IMAGE)
+      workingDir: $(workspaces.manifest-dir.path)
+      script: |
+        #!/usr/bin/env sh
+        export TRIVY_NON_SSL=true
+        cmd="trivy --cache-dir . --skip-update $* $(params.IMAGE_PATH)"
+        echo "Running trivy task with command below"
+        echo "$cmd"
+        eval "$cmd"
+      args:
+        - "$(params.ARGS)"
\ No newline at end of file
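Review bot: The `trivy-scan` step builds a command string from `$(params.IMAGE_PATH)` (substituted verbatim into the script text by Tekton) and `$*` (the ARGS array) and then runs it through `eval "$cmd"`, so shell metacharacters in either parameter are executed inside the task pod with the workspace mounted — whoever authors the PipelineRun that sets IMAGE_PATH or ARGS gets arbitrary command execution. Drop `eval`, hand IMAGE_PATH to the step through `env:` rather than script substitution, and pass ARGS to trivy as separate words with `"$@"`; the log line can still echo the assembled command. `export TRIVY_NON_SSL=true` is also hard-coded, which tells Trivy to talk to image registries without TLS for every run; it should be a parameter defaulting to `"false"` (passed via `env:`) so callers opt in only for an internal plain-HTTP registry. Separately, `--skip-update` with `--cache-dir .` means the scan fails unless a vulnerability DB is already present in the workspace, and the description does not say so (it also misspells "vulnenrabilities"); a sentence like `Requires a pre-populated Trivy DB in the workspace; the task never downloads one.` would save users a confusing first run.

```yaml
    - name: trivy-scan
      # … unchanged: image, workingDir …
      env:
        - name: IMAGE_PATH
          value: $(params.IMAGE_PATH)
      script: |
        #!/usr/bin/env sh
        set -eu
        echo "Running trivy task with command below"
        echo "trivy --cache-dir . --skip-update $* $IMAGE_PATH"
        exec trivy --cache-dir . --skip-update "$@" "$IMAGE_PATH"
      args:
        - "$(params.ARGS)"
```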