trivy.yaml add

clustertask/trivy.yaml

@@ -0,0 +1,46 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: ClusterTask
+metadata:
+  name: trivy-scanner
+  labels:
+    app.kubernetes.io/version: "0.1"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.12.1"
+    tekton.dev/categories: Security
+    tekton.dev/tags: CLI, trivy
+    tekton.dev/displayName: "trivy scanner"
+    tekton.dev/platforms: "linux/amd64"
+spec:
+  description: >-
+    Trivy is a simple and comprehensive scanner for
+    vulnerabilities in container images,file systems
+    ,and Git repositories, as well as for configuration issues.
+
+    This task can be used to scan for vulnenrabilities on the source code
+    in stand alone mode.
+  workspaces:
+    - name: manifest-dir
+  params:
+    - name: ARGS
+      description: The Arguments to be passed to Trivy command.
+      type: array
+    - name: TRIVY_IMAGE
+      default: docker.io/aquasec/trivy@sha256:dea76d4b50c75125cada676a87ac23de2b7ba4374752c6f908253c3b839201d9
+      description: Trivy scanner image to be used
+    - name: IMAGE_PATH
+      description: Image or Path to be scanned by trivy.
+      type: string
+  steps:
+    - name: trivy-scan
+      image: $(params.TRIVY_IMAGE)
+      workingDir: $(workspaces.manifest-dir.path)
+      script: |
+        #!/usr/bin/env sh
+          export TRIVY_NON_SSL=true
+          cmd="trivy --cache-dir . --skip-update $* $(params.IMAGE_PATH)"
+          echo "Running trivy task with command below"
+          echo "$cmd"
+          eval "$cmd"
+      args:
+        - "$(params.ARGS)"