Integrating Trivy with gitlab

curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s — -b /usr/local/bin
trivy image <image name>
trivy image -f json -o trivy.json <image>
stages:
- test
trivy:
stage: test
image: docker:stable-git
before_script:
- docker build -t trivy-ci-test .
- wget https://github.com/aquasecurity/trivy/releases/download/v0.1.6/trivy_0.1.6_Linux-64bit.tar.gz
- tar zxvf trivy_0.1.6_Linux-64bit.tar.gz
variables:
DOCKER_DRIVER: overlay2
allow_failure: true
services:
- docker:stable-dind
script:
- ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh trivy-ci-test
- ./trivy — exit-code 1 — severity CRITICAL — no-progress — auto-refresh trivy-ci-test
FROM composer:1.7.2

RUN git clone https://github.com/aquasecurity/trivy-ci-test.git && cd trivy-ci-test && rm Cargo.lock && rm Pipfile.lock

CMD apk add --no-cache mysql-client
ENTRYPOINT ["mysql"]
- ./trivy — exit-code 0 — severity HIGH — no-progress — auto-refresh trivy-ci-test- ./trivy — exit-code 1 — severity CRITICAL — no-progress — auto-refresh trivy-ci-test
./trivy — exit-code 0 — severity HIGH — no-progress — auto-refresh trivy-ci-test

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store