trivy.yaml add
This commit is contained in:
46
clustertask/trivy.yaml
Normal file
46
clustertask/trivy.yaml
Normal file
@@ -0,0 +1,46 @@
|
|||||||
|
---
|
||||||
|
apiVersion: tekton.dev/v1beta1
|
||||||
|
kind: ClusterTask
|
||||||
|
metadata:
|
||||||
|
name: trivy-scanner
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/version: "0.1"
|
||||||
|
annotations:
|
||||||
|
tekton.dev/pipelines.minVersion: "0.12.1"
|
||||||
|
tekton.dev/categories: Security
|
||||||
|
tekton.dev/tags: CLI, trivy
|
||||||
|
tekton.dev/displayName: "trivy scanner"
|
||||||
|
tekton.dev/platforms: "linux/amd64"
|
||||||
|
spec:
|
||||||
|
description: >-
|
||||||
|
Trivy is a simple and comprehensive scanner for
|
||||||
|
vulnerabilities in container images,file systems
|
||||||
|
,and Git repositories, as well as for configuration issues.
|
||||||
|
|
||||||
|
This task can be used to scan for vulnenrabilities on the source code
|
||||||
|
in stand alone mode.
|
||||||
|
workspaces:
|
||||||
|
- name: manifest-dir
|
||||||
|
params:
|
||||||
|
- name: ARGS
|
||||||
|
description: The Arguments to be passed to Trivy command.
|
||||||
|
type: array
|
||||||
|
- name: TRIVY_IMAGE
|
||||||
|
default: docker.io/aquasec/trivy@sha256:dea76d4b50c75125cada676a87ac23de2b7ba4374752c6f908253c3b839201d9
|
||||||
|
description: Trivy scanner image to be used
|
||||||
|
- name: IMAGE_PATH
|
||||||
|
description: Image or Path to be scanned by trivy.
|
||||||
|
type: string
|
||||||
|
steps:
|
||||||
|
- name: trivy-scan
|
||||||
|
image: $(params.TRIVY_IMAGE)
|
||||||
|
workingDir: $(workspaces.manifest-dir.path)
|
||||||
|
script: |
|
||||||
|
#!/usr/bin/env sh
|
||||||
|
export TRIVY_NON_SSL=true
|
||||||
|
cmd="trivy --cache-dir . --skip-update $* $(params.IMAGE_PATH)"
|
||||||
|
echo "Running trivy task with command below"
|
||||||
|
echo "$cmd"
|
||||||
|
eval "$cmd"
|
||||||
|
args:
|
||||||
|
- "$(params.ARGS)"
|
||||||
Reference in New Issue
Block a user