-
Notifications
You must be signed in to change notification settings - Fork 4
/
custom-image-scan.yaml
65 lines (61 loc) · 1.94 KB
/
custom-image-scan.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
apiVersion: tekton.dev/v1beta1
kind: ClusterTask
metadata:
creationTimestamp: '2021-06-01T11:46:45Z'
generation: 7
managedFields:
- apiVersion: tekton.dev/v1beta1
fieldsType: FieldsV1
fieldsV1:
'f:spec':
.: {}
'f:params': {}
'f:steps': {}
manager: Mozilla
operation: Update
time: '2021-06-01T11:46:45Z'
name: custom-image-scan
resourceVersion: '1528375'
selfLink: /apis/tekton.dev/v1beta1/clustertasks/custom-image-scan
uid: c51a9bd5-1854-4dd4-a241-8fccd644c587
spec:
params:
- description: >-
Secret containing the address:port tuple for StackRox Central (example -
rox.stackrox.io:443)
name: rox_central_endpoint
type: string
- description: Secret containing the StackRox API token with CI permissions
name: rox_api_token
type: string
- description: 'Full name of image to scan (example -- gcr.io/rox/sample:5.0-rc1)'
name: image
type: string
- default: json
description: Output format (json | csv | pretty)
name: output_format
type: string
steps:
- env:
- name: ROX_API_TOKEN
valueFrom:
secretKeyRef:
key: rox_api_token
name: $(params.rox_api_token)
- name: ROX_CENTRAL_ENDPOINT
valueFrom:
secretKeyRef:
key: rox_central_endpoint
name: $(params.rox_central_endpoint)
image: ubi8/openjdk-11
name: custom-image-scan
resources: {}
script: >-
#!/usr/bin/env bash
set +x
curl -k -L -H "Authorization: Bearer $ROX_API_TOKEN"
https://$ROX_CENTRAL_ENDPOINT/api/cli/download/roxctl-linux --output
./roxctl > /dev/null; echo "Getting roxctl"
chmod +x ./roxctl > /dev/null
./roxctl image scan --insecure-skip-tls-verify -e $ROX_CENTRAL_ENDPOINT
--image $(params.image) --format $(params.output_format)