Skip to content
Snippets Groups Projects
Commit 32272137 authored by Martin Weise's avatar Martin Weise
Browse files

Merge branch 'dev' into 'master'

Added more scans

See merge request !267
parents 078bba1e 78a1d0c4
No related branches found
No related tags found
3 merge requests!274Hotfix foreign key,!268Master,!267Added more scans
...@@ -267,9 +267,9 @@ scan-analyse-service: ...@@ -267,9 +267,9 @@ scan-analyse-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json docker.io/dbrepo/analyse-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json dbrepo-analyse-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/analyse-service:latest - trivy image --insecure --exit-code 0 dbrepo-analyse-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/analyse-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-analyse-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -279,7 +279,7 @@ scan-analyse-service: ...@@ -279,7 +279,7 @@ scan-analyse-service:
reports: reports:
container_scanning: ./.trivy/trivy-analyse-service-report.json container_scanning: ./.trivy/trivy-analyse-service-report.json
scan-authentication-service: scan-auth-service:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -287,9 +287,9 @@ scan-authentication-service: ...@@ -287,9 +287,9 @@ scan-authentication-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json docker.io/dbrepo/authentication-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json dbrepo-auth-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/authentication-service:latest - trivy image --insecure --exit-code 0 dbrepo-auth-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/authentication-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-auth-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -307,9 +307,9 @@ scan-broker-service: ...@@ -307,9 +307,9 @@ scan-broker-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json docker.io/dbrepo/broker-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json dbrepo-broker-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/broker-service:latest - trivy image --insecure --exit-code 0 dbrepo-broker-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/broker-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-broker-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -319,6 +319,26 @@ scan-broker-service: ...@@ -319,6 +319,26 @@ scan-broker-service:
reports: reports:
container_scanning: ./.trivy/trivy-broker-service-report.json container_scanning: ./.trivy/trivy-broker-service-report.json
scan-data-db-sidecar:
image: bitnami/trivy:latest
stage: scan
only:
refs:
- master
allow_failure: true
script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-sidecar-report.json dbrepo-data-db-sidecar:latest
- trivy image --insecure --exit-code 0 data-db-sidecar:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL data-db-sidecar:latest
cache:
paths:
- .trivycache/
artifacts:
when: always
expire_in: 1 days
reports:
container_scanning: ./.trivy/trivy-data-db-sidecar-report.json
scan-gateway-service: scan-gateway-service:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
...@@ -347,9 +367,9 @@ scan-metadata-service: ...@@ -347,9 +367,9 @@ scan-metadata-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json docker.io/dbrepo/metadata-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json dbrepo-metadata-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-service:latest - trivy image --insecure --exit-code 0 dbrepo-metadata-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -367,9 +387,9 @@ scan-data-service: ...@@ -367,9 +387,9 @@ scan-data-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json docker.io/dbrepo/data-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json dbrepo-data-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/data-service:latest - trivy image --insecure --exit-code 0 dbrepo-data-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/data-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-data-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -387,9 +407,9 @@ scan-search-db: ...@@ -387,9 +407,9 @@ scan-search-db:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json docker.io/dbrepo/search-db:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json dbrepo-search-db:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db:latest - trivy image --insecure --exit-code 0 dbrepo-search-db:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-db:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -399,7 +419,7 @@ scan-search-db: ...@@ -399,7 +419,7 @@ scan-search-db:
reports: reports:
container_scanning: ./.trivy/trivy-search-db-report.json container_scanning: ./.trivy/trivy-search-db-report.json
scan-search-dashboard: scan-search-service-init:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -407,9 +427,9 @@ scan-search-dashboard: ...@@ -407,9 +427,9 @@ scan-search-dashboard:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-dashboard-report.json docker.io/opensearchproject/opensearch-dashboards:2.10.0 - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-service-init-report.json dbrepo-search-service-init:latest
- trivy image --insecure --exit-code 0 docker.io/opensearchproject/opensearch-dashboards:2.10.0 - trivy image --insecure --exit-code 0 dbrepo-search-service-init:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/opensearchproject/opensearch-dashboards:2.10.0 - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-service-init:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -417,9 +437,9 @@ scan-search-dashboard: ...@@ -417,9 +437,9 @@ scan-search-dashboard:
when: always when: always
expire_in: 1 days expire_in: 1 days
reports: reports:
container_scanning: ./.trivy/trivy-search-dashboard-report.json container_scanning: ./.trivy/trivy-search-service-init-report.json
scan-search-db-init: scan-data-db:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -427,9 +447,9 @@ scan-search-db-init: ...@@ -427,9 +447,9 @@ scan-search-db-init:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-init-report.json docker.io/dbrepo/search-db-init:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0
- trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db-init:latest - trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db-init:latest - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -437,9 +457,9 @@ scan-search-db-init: ...@@ -437,9 +457,9 @@ scan-search-db-init:
when: always when: always
expire_in: 1 days expire_in: 1 days
reports: reports:
container_scanning: ./.trivy/trivy-search-db-init-report.json container_scanning: ./.trivy/trivy-data-db-report.json
scan-data-db: scan-metadata-db:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -447,9 +467,9 @@ scan-data-db: ...@@ -447,9 +467,9 @@ scan-data-db:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0 - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json dbrepo-metadata-db:latest
- trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0 - trivy image --insecure --exit-code 0 dbrepo-metadata-db:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0 - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-db:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -457,9 +477,9 @@ scan-data-db: ...@@ -457,9 +477,9 @@ scan-data-db:
when: always when: always
expire_in: 1 days expire_in: 1 days
reports: reports:
container_scanning: ./.trivy/trivy-data-db-report.json container_scanning: ./.trivy/trivy-metadata-db-report.json
scan-metadata-db: scan-ui:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -467,9 +487,9 @@ scan-metadata-db: ...@@ -467,9 +487,9 @@ scan-metadata-db:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json docker.io/dbrepo/metadata-db:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json dbrepo-ui:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-db:latest - trivy image --insecure --exit-code 0 dbrepo-ui:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-db:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-ui:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -477,9 +497,9 @@ scan-metadata-db: ...@@ -477,9 +497,9 @@ scan-metadata-db:
when: always when: always
expire_in: 1 days expire_in: 1 days
reports: reports:
container_scanning: ./.trivy/trivy-metadata-db-report.json container_scanning: ./.trivy/trivy-ui-report.json
scan-ui: scan-search-service:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -487,9 +507,9 @@ scan-ui: ...@@ -487,9 +507,9 @@ scan-ui:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json docker.io/dbrepo/ui:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json dbrepo-search-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/ui:latest - trivy image --insecure --exit-code 0 dbrepo-search-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/ui:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -527,9 +547,9 @@ scan-storage-service-init: ...@@ -527,9 +547,9 @@ scan-storage-service-init:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json docker.io/dbrepo/storage-service-init:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json dbrepo-storage-service-init:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/storage-service-init:latest - trivy image --insecure --exit-code 0 dbrepo-storage-service-init:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/storage-service-init:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-storage-service-init:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment