Commit 1d214a62 authored by hashworks's avatar hashworks

Update .gitlab-ci.yml

parent 33194693
Pipeline #735 canceled with stages
in 20 seconds
......@@ -49,12 +49,8 @@ test:
- locale | grep -q UTF-8
- AUDIT="$(arch-audit --color never --recursive)"
- if [ -n "$AUDIT" ]; then
- echo '{"version":"3.0.1","scanner":{"id":"arch_audit","name":"arch-audit","vendor":{"name":"ilpianista"},"url":"https:\/\/gitlab.com\/ilpianista\/arch-audit","version":"'"$(arch-audit --version | cut -d\ -f2)"'"},"vulnerabilities":['
$(arch-audit --color never --recursive --format '{"category":"Dependency Scanning","id":"%n","name":"%n","message":"Package %n is affected by known CVEs. It is required by %r.","scanner":{"id":"arch_audit","name":"arch-audit"},"identifiers":[%c],"links":[{"name":"Package on Arch Security Tracker","url":"https://security.archlinux.org/package/%n"}]},')
'],"dependency_files":[]}'
| sed 's/\(CVE-[0-9]\{4\}-[0-9]\{1,\}\)/{"type":"cve","name":"\1","value":"\1","url":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=\1"}/g'
| sed 's/,\s*]/]/g'
| jq > arch-audit.json
- echo "$AUDIT"
- echo '{"version":"3.0.1","schema":"https:\/\/gitlab.com\/gitlab-org\/security-products\/security-report-schemas\/-\/raw\/v3.0.0-rc1\/dist\/container-scanning-report-format.json","scan":{"start_time":"'"$(date --iso-8601=s)"'","type":"container_scanning","scanner":{"id":"arch_audit","name":"arch-audit","vendor":{"name":"ilpianista"},"url":"https:\/\/gitlab.com\/ilpianista\/arch-audit","version":"'"$(arch-audit --version | cut -d\ -f2)"'"}},"vulnerabilities":['$(arch-audit --color never --recursive --format '{"category":"Container Scanning","id":"%n","name":"%n","message":"Package %n is affected by known CVEs","description":"Package %n is affected by known CVEs. It is required by %r.","scanner":{"id":"arch_audit","name":"arch-audit"},"identifiers":[%c],"links":[{"name":"Package on Arch Security Tracker","url":"https://security.archlinux.org/package/%n"}],"severity":"Unknown","location":{"image":"'"$FOO"'","operating_system":"Arch Linux","dependency":{"package":{"name":"%n"},"version":"%v"}}},')']}' | sed 's/\(CVE-[0-9]\{4\}-[0-9]\{1,\}\)/{"type":"cve","name":"\1","value":"\1","url":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=\1"}/g' | sed 's/,]\s*/]/g' | jq > arch-audit.json
- fi
artifacts:
reports:
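Review bot: The new report line builds `"location":{"image":"'"$FOO"'"` from a variable `FOO` that is not set anywhere in the visible hunk, so unless the job defines it elsewhere every finding is written with an empty image name, and that location is how a container-scanning report attributes a finding to an image. Use the variable that actually names the scanned image, for example `"image":"'"$CI_REGISTRY_IMAGE"'"` if the job scans the project's registry image. The `$(arch-audit … --format …)` substitution on the same line is also unquoted, so its output is word-split and glob-expanded before `echo` sees it (the `[…]` in `"identifiers":[%c]` is a valid glob pattern); writing it as `'"$(arch-audit …)"'` keeps the text intact, and the trailing `,]` that the second `sed` removes stays adjacent. The `test:` job starts above the hunk and `artifacts:` continues below it.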
......