Skip to content
Snippets Groups Projects
Verified Commit 78a1d0c4 authored by Martin Weise's avatar Martin Weise
Browse files

Added more scans

parent e58b8e67
Branches
Tags
2 merge requests!268Master,!267Added more scans
Show whitespace changes
Inline Side-by-side
Showing
with 66 additions and 46 deletions
.gitlab-ci.yml
+ 66
46
View file @ 78a1d0c4
...@@ -267,9 +267,9 @@ scan-analyse-service: ...@@ -267,9 +267,9 @@ scan-analyse-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json docker.io/dbrepo/analyse-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json dbrepo-analyse-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/analyse-service:latest - trivy image --insecure --exit-code 0 dbrepo-analyse-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/analyse-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-analyse-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -279,7 +279,7 @@ scan-analyse-service: ...@@ -279,7 +279,7 @@ scan-analyse-service:
reports: reports:
container_scanning: ./.trivy/trivy-analyse-service-report.json container_scanning: ./.trivy/trivy-analyse-service-report.json
scan-authentication-service: scan-auth-service:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -287,9 +287,9 @@ scan-authentication-service: ...@@ -287,9 +287,9 @@ scan-authentication-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json docker.io/dbrepo/authentication-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json dbrepo-auth-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/authentication-service:latest - trivy image --insecure --exit-code 0 dbrepo-auth-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/authentication-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-auth-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -307,9 +307,9 @@ scan-broker-service: ...@@ -307,9 +307,9 @@ scan-broker-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json docker.io/dbrepo/broker-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json dbrepo-broker-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/broker-service:latest - trivy image --insecure --exit-code 0 dbrepo-broker-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/broker-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-broker-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -319,6 +319,26 @@ scan-broker-service: ...@@ -319,6 +319,26 @@ scan-broker-service:
reports: reports:
container_scanning: ./.trivy/trivy-broker-service-report.json container_scanning: ./.trivy/trivy-broker-service-report.json
scan-data-db-sidecar:
image: bitnami/trivy:latest
stage: scan
only:
refs:
- master
allow_failure: true
script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-sidecar-report.json dbrepo-data-db-sidecar:latest
- trivy image --insecure --exit-code 0 data-db-sidecar:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL data-db-sidecar:latest
cache:
paths:
- .trivycache/
artifacts:
when: always
expire_in: 1 days
reports:
container_scanning: ./.trivy/trivy-data-db-sidecar-report.json
scan-gateway-service: scan-gateway-service:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
...@@ -347,9 +367,9 @@ scan-metadata-service: ...@@ -347,9 +367,9 @@ scan-metadata-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json docker.io/dbrepo/metadata-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json dbrepo-metadata-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-service:latest - trivy image --insecure --exit-code 0 dbrepo-metadata-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -367,9 +387,9 @@ scan-data-service: ...@@ -367,9 +387,9 @@ scan-data-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json docker.io/dbrepo/data-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json dbrepo-data-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/data-service:latest - trivy image --insecure --exit-code 0 dbrepo-data-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/data-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-data-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -387,9 +407,9 @@ scan-search-db: ...@@ -387,9 +407,9 @@ scan-search-db:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json docker.io/dbrepo/search-db:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json dbrepo-search-db:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db:latest - trivy image --insecure --exit-code 0 dbrepo-search-db:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-db:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -399,7 +419,7 @@ scan-search-db: ...@@ -399,7 +419,7 @@ scan-search-db:
reports: reports:
container_scanning: ./.trivy/trivy-search-db-report.json container_scanning: ./.trivy/trivy-search-db-report.json
scan-search-dashboard: scan-search-service-init:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -407,9 +427,9 @@ scan-search-dashboard: ...@@ -407,9 +427,9 @@ scan-search-dashboard:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-dashboard-report.json docker.io/opensearchproject/opensearch-dashboards:2.10.0 - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-service-init-report.json dbrepo-search-service-init:latest
- trivy image --insecure --exit-code 0 docker.io/opensearchproject/opensearch-dashboards:2.10.0 - trivy image --insecure --exit-code 0 dbrepo-search-service-init:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/opensearchproject/opensearch-dashboards:2.10.0 - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-service-init:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -417,9 +437,9 @@ scan-search-dashboard: ...@@ -417,9 +437,9 @@ scan-search-dashboard:
when: always when: always
expire_in: 1 days expire_in: 1 days
reports: reports:
container_scanning: ./.trivy/trivy-search-dashboard-report.json container_scanning: ./.trivy/trivy-search-service-init-report.json
scan-search-db-init: scan-data-db:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -427,9 +447,9 @@ scan-search-db-init: ...@@ -427,9 +447,9 @@ scan-search-db-init:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-init-report.json docker.io/dbrepo/search-db-init:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0
- trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db-init:latest - trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db-init:latest - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -437,9 +457,9 @@ scan-search-db-init: ...@@ -437,9 +457,9 @@ scan-search-db-init:
when: always when: always
expire_in: 1 days expire_in: 1 days
reports: reports:
container_scanning: ./.trivy/trivy-search-db-init-report.json container_scanning: ./.trivy/trivy-data-db-report.json
scan-data-db: scan-metadata-db:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -447,9 +467,9 @@ scan-data-db: ...@@ -447,9 +467,9 @@ scan-data-db:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0 - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json dbrepo-metadata-db:latest
- trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0 - trivy image --insecure --exit-code 0 dbrepo-metadata-db:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0 - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-db:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -457,9 +477,9 @@ scan-data-db: ...@@ -457,9 +477,9 @@ scan-data-db:
when: always when: always
expire_in: 1 days expire_in: 1 days
reports: reports:
container_scanning: ./.trivy/trivy-data-db-report.json container_scanning: ./.trivy/trivy-metadata-db-report.json
scan-metadata-db: scan-ui:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -467,9 +487,9 @@ scan-metadata-db: ...@@ -467,9 +487,9 @@ scan-metadata-db:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json docker.io/dbrepo/metadata-db:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json dbrepo-ui:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-db:latest - trivy image --insecure --exit-code 0 dbrepo-ui:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-db:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-ui:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -477,9 +497,9 @@ scan-metadata-db: ...@@ -477,9 +497,9 @@ scan-metadata-db:
when: always when: always
expire_in: 1 days expire_in: 1 days
reports: reports:
container_scanning: ./.trivy/trivy-metadata-db-report.json container_scanning: ./.trivy/trivy-ui-report.json
scan-ui: scan-search-service:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -487,9 +507,9 @@ scan-ui: ...@@ -487,9 +507,9 @@ scan-ui:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json docker.io/dbrepo/ui:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json dbrepo-search-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/ui:latest - trivy image --insecure --exit-code 0 dbrepo-search-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/ui:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -527,9 +547,9 @@ scan-storage-service-init: ...@@ -527,9 +547,9 @@ scan-storage-service-init:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json docker.io/dbrepo/storage-service-init:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json dbrepo-storage-service-init:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/storage-service-init:latest - trivy image --insecure --exit-code 0 dbrepo-storage-service-init:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/storage-service-init:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-storage-service-init:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment