From 78a1d0c44bf1c95cbd91e25a9b41d07a0c64422f Mon Sep 17 00:00:00 2001
From: Martin Weise <martin.weise@tuwien.ac.at>
Date: Fri, 17 May 2024 23:15:32 +0200
Subject: [PATCH] Added more scans

---
 .gitlab-ci.yml | 112 +++++++++++++++++++++++++++++--------------------
 1 file changed, 66 insertions(+), 46 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5bc82cf44d..10377b3fcc 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -267,9 +267,9 @@ scan-analyse-service:
       - master
   allow_failure: true
   script:
-    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json docker.io/dbrepo/analyse-service:latest
-    - trivy image --insecure --exit-code 0 docker.io/dbrepo/analyse-service:latest
-    - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/analyse-service:latest
+    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json dbrepo-analyse-service:latest
+    - trivy image --insecure --exit-code 0 dbrepo-analyse-service:latest
+    - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-analyse-service:latest
   cache:
     paths:
       - .trivycache/
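Review bot: The three script lines now scan `dbrepo-analyse-service:latest`, a reference with no registry or namespace and a mutable tag, so the scan is only meaningful if that exact image exists in a container runtime the `bitnami/trivy` job can reach, and nothing in this hunk shows that it does. Without a local image, Trivy would presumably fall back to a registry lookup under Docker Hub's default namespace and either fail or scan something other than what this pipeline built. With `allow_failure: true` on the job, such a failure would not stop the pipeline. Consider scanning the reference the build stage actually produced, tagged per commit, for example `<registry>/<namespace>/analyse-service:$CI_COMMIT_SHA` (placeholder path). The same bare `dbrepo-*:latest` pattern is introduced in the auth, broker, metadata, data, search-db, search-service-init, metadata-db, ui, search-service and storage-service-init hunks; the job definition itself starts above this hunk.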
@@ -279,7 +279,7 @@ scan-analyse-service:
     reports:
       container_scanning: ./.trivy/trivy-analyse-service-report.json
 
-scan-authentication-service:
+scan-auth-service:
   image: bitnami/trivy:latest
   stage: scan
   only:
@@ -287,9 +287,9 @@ scan-authentication-service:
       - master
   allow_failure: true
   script:
-    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json docker.io/dbrepo/authentication-service:latest
-    - trivy image --insecure --exit-code 0 docker.io/dbrepo/authentication-service:latest
-    - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/authentication-service:latest
+    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json dbrepo-auth-service:latest
+    - trivy image --insecure --exit-code 0 dbrepo-auth-service:latest
+    - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-auth-service:latest
   cache:
     paths:
       - .trivycache/
@@ -307,9 +307,9 @@ scan-broker-service:
       - master
   allow_failure: true
   script:
-    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json docker.io/dbrepo/broker-service:latest
-    - trivy image --insecure --exit-code 0 docker.io/dbrepo/broker-service:latest
-    - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/broker-service:latest
+    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json dbrepo-broker-service:latest
+    - trivy image --insecure --exit-code 0 dbrepo-broker-service:latest
+    - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-broker-service:latest
   cache:
     paths:
       - .trivycache/
@@ -319,6 +319,26 @@ scan-broker-service:
     reports:
       container_scanning: ./.trivy/trivy-broker-service-report.json
 
+scan-data-db-sidecar:
+  image: bitnami/trivy:latest
+  stage: scan
+  only:
+    refs:
+      - master
+  allow_failure: true
+  script:
+    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-sidecar-report.json dbrepo-data-db-sidecar:latest
+    - trivy image --insecure --exit-code 0 data-db-sidecar:latest
+    - trivy image --insecure --exit-code 1 --severity CRITICAL data-db-sidecar:latest
+  cache:
+    paths:
+      - .trivycache/
+  artifacts:
+    when: always
+    expire_in: 1 days
+    reports:
+      container_scanning: ./.trivy/trivy-data-db-sidecar-report.json
+
 scan-gateway-service:
   image: bitnami/trivy:latest
   stage: scan
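Review bot: The new `scan-data-db-sidecar` job scans two different image names: the report line targets `dbrepo-data-db-sidecar:latest`, while the console scan and the `--severity CRITICAL` gate target `data-db-sidecar:latest`. The uploaded container-scanning report and the gate can therefore describe different images, or the last two steps fail because the image is not found. Align them, e.g. `- trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-data-db-sidecar:latest`, and likewise for the `--exit-code 0` line. Because the job sets `allow_failure: true`, a failing gate only shows as a warning, so the mismatch is easy to miss.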
@@ -347,9 +367,9 @@ scan-metadata-service:
       - master
   allow_failure: true
   script:
-    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json docker.io/dbrepo/metadata-service:latest
-    - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-service:latest
-    - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-service:latest
+    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json dbrepo-metadata-service:latest
+    - trivy image --insecure --exit-code 0 dbrepo-metadata-service:latest
+    - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-service:latest
   cache:
     paths:
       - .trivycache/
@@ -367,9 +387,9 @@ scan-data-service:
       - master
   allow_failure: true
   script:
-    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json docker.io/dbrepo/data-service:latest
-    - trivy image --insecure --exit-code 0 docker.io/dbrepo/data-service:latest
-    - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/data-service:latest
+    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json dbrepo-data-service:latest
+    - trivy image --insecure --exit-code 0 dbrepo-data-service:latest
+    - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-data-service:latest
   cache:
     paths:
       - .trivycache/
@@ -387,9 +407,9 @@ scan-search-db:
       - master
   allow_failure: true
   script:
-    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json docker.io/dbrepo/search-db:latest
-    - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db:latest
-    - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db:latest
+    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json dbrepo-search-db:latest
+    - trivy image --insecure --exit-code 0 dbrepo-search-db:latest
+    - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-db:latest
   cache:
     paths:
       - .trivycache/
@@ -399,7 +419,7 @@ scan-search-db:
     reports:
       container_scanning: ./.trivy/trivy-search-db-report.json
 
-scan-search-dashboard:
+scan-search-service-init:
   image: bitnami/trivy:latest
   stage: scan
   only:
@@ -407,9 +427,9 @@ scan-search-dashboard:
       - master
   allow_failure: true
   script:
-    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-dashboard-report.json docker.io/opensearchproject/opensearch-dashboards:2.10.0
-    - trivy image --insecure --exit-code 0 docker.io/opensearchproject/opensearch-dashboards:2.10.0
-    - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/opensearchproject/opensearch-dashboards:2.10.0
+    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-service-init-report.json dbrepo-search-service-init:latest
+    - trivy image --insecure --exit-code 0 dbrepo-search-service-init:latest
+    - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-service-init:latest
   cache:
     paths:
       - .trivycache/
@@ -417,9 +437,9 @@ scan-search-dashboard:
     when: always
     expire_in: 1 days
     reports:
-      container_scanning: ./.trivy/trivy-search-dashboard-report.json
+      container_scanning: ./.trivy/trivy-search-service-init-report.json
 
-scan-search-db-init:
+scan-data-db:
   image: bitnami/trivy:latest
   stage: scan
   only:
@@ -427,9 +447,9 @@ scan-search-db-init:
       - master
   allow_failure: true
   script:
-    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-init-report.json docker.io/dbrepo/search-db-init:latest
-    - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db-init:latest
-    - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db-init:latest
+    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0
+    - trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0
+    - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0
   cache:
     paths:
       - .trivycache/
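Review bot: `--insecure` on the three lines that pull `docker.io/bitnami/mariadb:11.2.2-debian-11-r0` turns off TLS certificate verification for the registry connection, so the image being scanned is not authenticated as coming from Docker Hub. Docker Hub serves a valid certificate, so the flag can be dropped here: `- trivy image --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0`. The flag is carried on every script line in this patch, but this is the only job in the visible hunks that names a remote registry explicitly. Pinning the reference by digest (`docker.io/bitnami/mariadb@sha256:<digest>`, placeholder) would also tie the scan result to the exact image that gets deployed. The job's `only:` block and its artifacts section lie outside this hunk.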
@@ -437,9 +457,9 @@ scan-search-db-init:
     when: always
     expire_in: 1 days
     reports:
-      container_scanning: ./.trivy/trivy-search-db-init-report.json
+      container_scanning: ./.trivy/trivy-data-db-report.json
 
-scan-data-db:
+scan-metadata-db:
   image: bitnami/trivy:latest
   stage: scan
   only:
@@ -447,9 +467,9 @@ scan-data-db:
       - master
   allow_failure: true
   script:
-    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0
-    - trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0
-    - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0
+    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json dbrepo-metadata-db:latest
+    - trivy image --insecure --exit-code 0 dbrepo-metadata-db:latest
+    - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-db:latest
   cache:
     paths:
       - .trivycache/
@@ -457,9 +477,9 @@ scan-data-db:
     when: always
     expire_in: 1 days
     reports:
-      container_scanning: ./.trivy/trivy-data-db-report.json
+      container_scanning: ./.trivy/trivy-metadata-db-report.json
 
-scan-metadata-db:
+scan-ui:
   image: bitnami/trivy:latest
   stage: scan
   only:
@@ -467,9 +487,9 @@ scan-metadata-db:
       - master
   allow_failure: true
   script:
-    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json docker.io/dbrepo/metadata-db:latest
-    - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-db:latest
-    - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-db:latest
+    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json dbrepo-ui:latest
+    - trivy image --insecure --exit-code 0 dbrepo-ui:latest
+    - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-ui:latest
   cache:
     paths:
       - .trivycache/
@@ -477,9 +497,9 @@ scan-metadata-db:
     when: always
     expire_in: 1 days
     reports:
-      container_scanning: ./.trivy/trivy-metadata-db-report.json
+      container_scanning: ./.trivy/trivy-ui-report.json
 
-scan-ui:
+scan-search-service:
   image: bitnami/trivy:latest
   stage: scan
   only:
@@ -487,9 +507,9 @@ scan-ui:
       - master
   allow_failure: true
   script:
-    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json docker.io/dbrepo/ui:latest
-    - trivy image --insecure --exit-code 0 docker.io/dbrepo/ui:latest
-    - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/ui:latest
+    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json dbrepo-search-service:latest
+    - trivy image --insecure --exit-code 0 dbrepo-search-service:latest
+    - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-service:latest
   cache:
     paths:
       - .trivycache/
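Review bot: The renamed `scan-search-service` job scans `dbrepo-search-service:latest` but still writes its report to `./.trivy/trivy-ui-report.json`, the same file name the `scan-ui` job uses in the previous hunk. The search-service findings are then published under the UI report's name, and if the artifacts of both jobs are ever collected into one directory, one report overwrites the other. Use a name of its own, `-o ./.trivy/trivy-search-service-report.json`. The `container_scanning:` path in this job's artifacts section lies outside the hunk and appears unchanged by the patch, so it would need the same rename.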
@@ -527,9 +547,9 @@ scan-storage-service-init:
       - master
   allow_failure: true
   script:
-    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json docker.io/dbrepo/storage-service-init:latest
-    - trivy image --insecure --exit-code 0 docker.io/dbrepo/storage-service-init:latest
-    - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/storage-service-init:latest
+    - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json dbrepo-storage-service-init:latest
+    - trivy image --insecure --exit-code 0 dbrepo-storage-service-init:latest
+    - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-storage-service-init:latest
   cache:
     paths:
       - .trivycache/
-- 
GitLab