contrib: Add GitLab CI template to deeply integrated with GitLab Container Scanning #376

Merged
merged 1 commit into from Jan 26, 2020

@tnir (Contributor) commented Jan 18, 2020

Adds GitLab CI template with deep integration with GitLab Container Scanning (report) (part of GitLab Security Product)

cf. https://gitlab.com/gitlab-org/gitlab/blob/f156adcec4c48d304128f2a4a8987f9ad6408591/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml

TODO

@knqyf263 (Collaborator)

@tnir Thank you for the awesome contribution! We'll have a look soon.

@tnir tnir force-pushed the gitlab-ci-template branch 3 times, most recently from df726fe to 94f3782 Compare January 23, 2020 02:06
@tnir tnir force-pushed the gitlab-ci-template branch 2 times, most recently from ac7e701 to a3972fd Compare January 23, 2020 02:38
@tnir (Contributor Author) commented Jan 23, 2020

Templating does look to be working well: https://gitlab.com/tnir/trivy-ci-test/-/jobs/412246842

@tnir tnir requested a review from knqyf263 January 23, 2020 03:02
contrib/Trivy.gitlab-ci.yml (outdated)
- apk add --no-cache curl docker-cli
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
- curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b /usr/local/bin
- curl -sSL -o /tmp/trivy-gitlab.tpl https://github.com/aquasecurity/trivy/raw/master/contrib/gitlab.tpl
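
Review bot: On the `docker login` line, `-p "$CI_REGISTRY_PASSWORD"` passes the registry password as a command-line argument; feeding it on stdin with `--password-stdin` keeps it out of the process arguments, and `$CI_REGISTRY` should be quoted like the other two variables. The `install.sh` line is also fetched from `master` and piped straight into `sh`, so the job runs whatever that branch holds at the time; pinning it to a release tag together with the template URL on the last line would keep installer, binary and template in step.
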
Review comment (Contributor):

Is there a way we could not fetch this from master? If the template changes and the downloaded binary does not support it, this could cause incompatibilities.

Maybe we can parse $(trivy --version) and pull from the tag instead?

Reply (Contributor Author):

You are right. We should use environment variables to fix this. With environment variables that have the default value of the Trivy version, (GitLab CI) users can inject an arbitrary version of the (Trivy-GitLab) template, which will reduce regressions and be helpful for users of non-latest versions of GitLab.
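
Added example, not part of the PR or of Trivy's own code: one way to do what the two comments above discuss, deriving the template URL from the installed binary's version with an environment-variable override. The function names, the `TRIVY_VERSION` variable name, the `vX.Y.Z` tag scheme and the presence of one `X.Y.Z` token in the version output are assumptions.

```shell
#!/bin/sh
# Added example; function names, TRIVY_VERSION and the vX.Y.Z tag scheme are assumptions.

# Pull the first X.Y.Z token out of whatever the binary prints as its version.
trivy_semver() {
  printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# An explicit TRIVY_VERSION wins; otherwise fall back to the binary's own version.
resolve_trivy_version() {
  if [ -n "${TRIVY_VERSION:-}" ]; then
    printf '%s\n' "${TRIVY_VERSION#v}"
  else
    trivy_semver "$1"
  fi
}

# Build the template URL for a release tag. The value ends up in a URL that
# curl fetches, so anything that is not strictly X.Y.Z is rejected.
trivy_template_url() {
  ver=${1#v}
  case "$ver" in
    '' | *[!0-9.]*) return 1 ;;
  esac
  printf '%s\n' "$ver" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' || return 1
  printf 'https://github.com/aquasecurity/trivy/raw/v%s/contrib/gitlab.tpl\n' "$ver"
}

# Usage in the job script (skipped where trivy is not installed):
if command -v trivy >/dev/null 2>&1; then
  ver=$(resolve_trivy_version "$(trivy --version 2>/dev/null)")
  trivy_template_url "$ver" || echo "unrecognised trivy version: $ver" >&2
fi
```

A job would pass the printed URL to the existing `curl -sSL -o /tmp/trivy-gitlab.tpl` step and fail the build when the function returns non-zero.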

@tnir (Contributor Author) commented Jan 24, 2020

Blocked by PR #387 (issue #386)

@tnir (Contributor Author) commented Jan 24, 2020

Task list was moved to the description of the PR.

@tnir tnir force-pushed the gitlab-ci-template branch 3 times, most recently from 04b9c09 to 8f0d8ac Compare January 24, 2020 17:00
@knqyf263 (Collaborator)

@tnir I've merged #327. I didn't check it carefully😓 I appreciate your contribution.

… Scanning

Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
@knqyf263 knqyf263 merged commit 9707c7b into aquasecurity:master Jan 26, 2020
@knqyf263 (Collaborator)

Thanks! Awesome work!

@tnir tnir deleted the gitlab-ci-template branch January 26, 2020 15:05
GuaoGuao pushed a commit to GuaoGuao/trivy that referenced this pull request Jun 24, 2020
… Scanning (aquasecurity#376)

Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
liamg pushed a commit that referenced this pull request Jun 7, 2022
… Scanning (#376)

Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
josedonizetti pushed a commit to josedonizetti/trivy that referenced this pull request Jun 24, 2022
Co-authored-by: Liam Galvin <liam.galvin@aquasec.com>