Commit 5490e224 authored by hashworks

Update .gitlab-ci.yml

parent 38c25181
Pipeline #739 failed with stages
in 2 minutes and 48 seconds
......@@ -41,17 +41,17 @@ test:
- job: docker
artifacts: false
script:
- pacman -Sy
- pacman -Sy arch-audit jq # No -Syu since we want to audit the current image state
- pacman -Qqk
- pacman -Syu --noconfirm docker grep arch-audit jq
- docker -v
- id -u http
- locale | grep -q UTF-8
- AUDIT="$(arch-audit --color never --recursive)"
- if [ -n "$AUDIT" ]; then
- echo "$AUDIT"
- echo '{"version":"3.0.1","schema":"https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/v3.0.0-rc1/dist/container-scanning-report-format.json","scan":{"start_time":"'"$(date --iso-8601=s)"'","type":"container_scanning","scanner":{"id":"arch_audit","name":"arch-audit","vendor":{"name":"ilpianista/arch-audit"},"url":"https:\/\/gitlab.com\/ilpianista\/arch-audit","version":"'"$(arch-audit --version | cut -d\ -f2)"'"}},"vulnerabilities":['$(arch-audit --color never --recursive --format '{"category":"Container Scanning","id":"%n","name":"'"${CI_COMMIT_SHORT_SHA}"'-%n","message":"Package %n is affected by known CVEs","description":"Package %n is affected by known CVEs. It is required by %r.","scanner":{"id":"arch_audit","name":"arch-audit"},"identifiers":[%c],"links":[{"name":"Package on Arch Security Tracker","url":"https://security.archlinux.org/package/%n"}],"severity":"Unknown","location":{"image":"'"${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}"'","operating_system":"Arch Linux","dependency":{"package":{"name":"%n"},"version":"%v"}}},')']}' | sed 's/\(CVE-[0-9]\{4\}-[0-9]\{1,\}\)/{"type":"cve","name":"\1","value":"\1","url":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=\1"}/g' | sed 's/,]\s*/]/g' | jq > arch-audit.json
- fi
- pacman -Syu --noconfirm docker grep
- docker -v
- id -u http
- locale | grep -q UTF-8
artifacts:
reports:
container_scanning: arch-audit.json
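Review bot: The `pacman -Sy arch-audit jq` step has no `--noconfirm`, unlike the `pacman -Syu --noconfirm docker grep` step further down, so in a non-interactive CI job the install prompt cannot be answered and the step may abort. That could be behind the failed pipeline reported on this page, though the job log is not shown; I would write the step as `- pacman -Sy --noconfirm arch-audit jq  # No -Syu since we want to audit the current image state`. Syncing the database and installing without `-u` is also a partial upgrade, which Arch does not support: arch-audit or jq may be built against newer libraries than the image holds, and any dependencies pulled in here join the package set being audited, so the report is not strictly the shipped image's state. The rendered page has lost the +/- markers, so this assumes the commented line is on the new side; the `test` job continues outside the hunk.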
......