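# github.com/Azure/aad-pod-identity@v1.8.17/.pipelines/templates/scan-images.yml
#
# Pipeline step template: builds the project images locally, downloads the
# Trivy scanner, prints every finding to the log, then fails the step if any
# image has a fixable MEDIUM/HIGH/CRITICAL vulnerability.
steps:
  - script: |
      # Stop at the first failing command or unset variable, so a failed
      # build or download is reported where it happens rather than as a
      # confusing scanner error further down.
      set -eu

      # Local-only tags; `make images` presumably builds the four images
      # scanned below into the local Docker daemon (OUTPUT_TYPE=docker).
      export REGISTRY="e2e"
      export IMAGE_VERSION="test"
      export OUTPUT_TYPE="docker"
      export BUILD_PLATFORMS="linux/amd64"
      make images

      # Scanner version can be overridden by the pipeline; defaults to 0.30.4.
      trivy_version="${TRIVY_VERSION:-0.30.4}"
      trivy_archive="trivy_${trivy_version}_Linux-64bit.tar.gz"

      # NOTE(review): the archive is fetched over HTTPS but its integrity is
      # not checked before the binary is executed on the build agent. Pin the
      # expected SHA-256 for this version in the repository and verify it
      # (e.g. with `sha256sum -c`) before extracting.
      wget "https://github.com/aquasecurity/trivy/releases/download/v${trivy_version}/${trivy_archive}"
      tar -xzvf "${trivy_archive}"

      # Pass 1: show all vulnerabilities in the logs. No --exit-code here, so
      # findings alone do not fail the step. Uses the `image` subcommand for
      # consistency with the gating pass.
      for component in mic nmi identityvalidator demo; do
        ./trivy image "${REGISTRY}/${component}:${IMAGE_VERSION}"
      done

      # Pass 2: gate. Fail on the first image that has a MEDIUM or higher
      # finding for which a fix is available (--ignore-unfixed), in OS
      # packages or application libraries.
      for component in mic nmi identityvalidator demo; do
        ./trivy image \
          --exit-code 1 \
          --ignore-unfixed \
          --severity MEDIUM,HIGH,CRITICAL \
          --vuln-type os,library \
          "${REGISTRY}/${component}:${IMAGE_VERSION}" || exit 1
      done
    displayName: "Scan images for vulnerability"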