Skip to content
Snippets Groups Projects
Verified Commit 78a1d0c4 authored by Martin Weise's avatar Martin Weise
Browse files

Added more scans

parent e58b8e67
No related branches found
No related tags found
2 merge requests!268Master,!267Added more scans
Show whitespace changes
Inline Side-by-side
Showing
with 66 additions and 46 deletions
.gitlab-ci.yml
+ 66
46
View file @ 78a1d0c4
...@@ -267,9 +267,9 @@ scan-analyse-service: ...@@ -267,9 +267,9 @@ scan-analyse-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json docker.io/dbrepo/analyse-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json dbrepo-analyse-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/analyse-service:latest - trivy image --insecure --exit-code 0 dbrepo-analyse-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/analyse-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-analyse-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -279,7 +279,7 @@ scan-analyse-service: ...@@ -279,7 +279,7 @@ scan-analyse-service:
reports: reports:
container_scanning: ./.trivy/trivy-analyse-service-report.json container_scanning: ./.trivy/trivy-analyse-service-report.json
scan-authentication-service: scan-auth-service:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -287,9 +287,9 @@ scan-authentication-service: ...@@ -287,9 +287,9 @@ scan-authentication-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json docker.io/dbrepo/authentication-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json dbrepo-auth-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/authentication-service:latest - trivy image --insecure --exit-code 0 dbrepo-auth-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/authentication-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-auth-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -307,9 +307,9 @@ scan-broker-service: ...@@ -307,9 +307,9 @@ scan-broker-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json docker.io/dbrepo/broker-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json dbrepo-broker-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/broker-service:latest - trivy image --insecure --exit-code 0 dbrepo-broker-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/broker-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-broker-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -319,6 +319,26 @@ scan-broker-service: ...@@ -319,6 +319,26 @@ scan-broker-service:
reports: reports:
container_scanning: ./.trivy/trivy-broker-service-report.json container_scanning: ./.trivy/trivy-broker-service-report.json
scan-data-db-sidecar:
image: bitnami/trivy:latest
stage: scan
only:
refs:
- master
allow_failure: true
script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-sidecar-report.json dbrepo-data-db-sidecar:latest
- trivy image --insecure --exit-code 0 data-db-sidecar:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL data-db-sidecar:latest
cache:
paths:
- .trivycache/
artifacts:
when: always
expire_in: 1 days
reports:
container_scanning: ./.trivy/trivy-data-db-sidecar-report.json
scan-gateway-service: scan-gateway-service:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
...@@ -347,9 +367,9 @@ scan-metadata-service: ...@@ -347,9 +367,9 @@ scan-metadata-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json docker.io/dbrepo/metadata-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json dbrepo-metadata-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-service:latest - trivy image --insecure --exit-code 0 dbrepo-metadata-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -367,9 +387,9 @@ scan-data-service: ...@@ -367,9 +387,9 @@ scan-data-service:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json docker.io/dbrepo/data-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json dbrepo-data-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/data-service:latest - trivy image --insecure --exit-code 0 dbrepo-data-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/data-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-data-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -387,9 +407,9 @@ scan-search-db: ...@@ -387,9 +407,9 @@ scan-search-db:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json docker.io/dbrepo/search-db:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json dbrepo-search-db:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db:latest - trivy image --insecure --exit-code 0 dbrepo-search-db:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-db:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -399,7 +419,7 @@ scan-search-db: ...@@ -399,7 +419,7 @@ scan-search-db:
reports: reports:
container_scanning: ./.trivy/trivy-search-db-report.json container_scanning: ./.trivy/trivy-search-db-report.json
scan-search-dashboard: scan-search-service-init:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -407,9 +427,9 @@ scan-search-dashboard: ...@@ -407,9 +427,9 @@ scan-search-dashboard:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-dashboard-report.json docker.io/opensearchproject/opensearch-dashboards:2.10.0 - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-service-init-report.json dbrepo-search-service-init:latest
- trivy image --insecure --exit-code 0 docker.io/opensearchproject/opensearch-dashboards:2.10.0 - trivy image --insecure --exit-code 0 dbrepo-search-service-init:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/opensearchproject/opensearch-dashboards:2.10.0 - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-service-init:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -417,9 +437,9 @@ scan-search-dashboard: ...@@ -417,9 +437,9 @@ scan-search-dashboard:
when: always when: always
expire_in: 1 days expire_in: 1 days
reports: reports:
container_scanning: ./.trivy/trivy-search-dashboard-report.json container_scanning: ./.trivy/trivy-search-service-init-report.json
scan-search-db-init: scan-data-db:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -427,9 +447,9 @@ scan-search-db-init: ...@@ -427,9 +447,9 @@ scan-search-db-init:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-init-report.json docker.io/dbrepo/search-db-init:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0
- trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db-init:latest - trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db-init:latest - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -437,9 +457,9 @@ scan-search-db-init: ...@@ -437,9 +457,9 @@ scan-search-db-init:
when: always when: always
expire_in: 1 days expire_in: 1 days
reports: reports:
container_scanning: ./.trivy/trivy-search-db-init-report.json container_scanning: ./.trivy/trivy-data-db-report.json
scan-data-db: scan-metadata-db:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -447,9 +467,9 @@ scan-data-db: ...@@ -447,9 +467,9 @@ scan-data-db:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0 - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json dbrepo-metadata-db:latest
- trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0 - trivy image --insecure --exit-code 0 dbrepo-metadata-db:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0 - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-db:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -457,9 +477,9 @@ scan-data-db: ...@@ -457,9 +477,9 @@ scan-data-db:
when: always when: always
expire_in: 1 days expire_in: 1 days
reports: reports:
container_scanning: ./.trivy/trivy-data-db-report.json container_scanning: ./.trivy/trivy-metadata-db-report.json
scan-metadata-db: scan-ui:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -467,9 +487,9 @@ scan-metadata-db: ...@@ -467,9 +487,9 @@ scan-metadata-db:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json docker.io/dbrepo/metadata-db:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json dbrepo-ui:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-db:latest - trivy image --insecure --exit-code 0 dbrepo-ui:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-db:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-ui:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -477,9 +497,9 @@ scan-metadata-db: ...@@ -477,9 +497,9 @@ scan-metadata-db:
when: always when: always
expire_in: 1 days expire_in: 1 days
reports: reports:
container_scanning: ./.trivy/trivy-metadata-db-report.json container_scanning: ./.trivy/trivy-ui-report.json
scan-ui: scan-search-service:
image: bitnami/trivy:latest image: bitnami/trivy:latest
stage: scan stage: scan
only: only:
...@@ -487,9 +507,9 @@ scan-ui: ...@@ -487,9 +507,9 @@ scan-ui:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json docker.io/dbrepo/ui:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json dbrepo-search-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/ui:latest - trivy image --insecure --exit-code 0 dbrepo-search-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/ui:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-service:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
...@@ -527,9 +547,9 @@ scan-storage-service-init: ...@@ -527,9 +547,9 @@ scan-storage-service-init:
- master - master
allow_failure: true allow_failure: true
script: script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json docker.io/dbrepo/storage-service-init:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json dbrepo-storage-service-init:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/storage-service-init:latest - trivy image --insecure --exit-code 0 dbrepo-storage-service-init:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/storage-service-init:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-storage-service-init:latest
cache: cache:
paths: paths:
- .trivycache/ - .trivycache/
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment