Commit 5490e224 authored by hashworks's avatar hashworks
Browse files

Update .gitlab-ci.yml

parent 38c25181
Pipeline #739 failed with stages
in 2 minutes and 48 seconds
......@@ -41,17 +41,17 @@ test:
- job: docker
artifacts: false
- pacman -Sy
- pacman -Sy arch-audit jq # No -Syu since we want to audit the current image state
- pacman -Qqk
- pacman -Syu --noconfirm docker grep arch-audit jq
- docker -v
- id -u http
- locale | grep -q UTF-8
- AUDIT="$(arch-audit --color never --recursive)"
- if [ -n "$AUDIT" ]; then
- echo "$AUDIT"
- echo '{"version":"3.0.1","schema":"","scan":{"start_time":"'"$(date --iso-8601=s)"'","type":"container_scanning","scanner":{"id":"arch_audit","name":"arch-audit","vendor":{"name":"ilpianista/arch-audit"},"url":"https:\/\/\/ilpianista\/arch-audit","version":"'"$(arch-audit --version | cut -d\ -f2)"'"}},"vulnerabilities":['$(arch-audit --color never --recursive --format '{"category":"Container Scanning","id":"%n","name":"'"${CI_COMMIT_SHORT_SHA}"'-%n","message":"Package %n is affected by known CVEs","description":"Package %n is affected by known CVEs. It is required by %r.","scanner":{"id":"arch_audit","name":"arch-audit"},"identifiers":[%c],"links":[{"name":"Package on Arch Security Tracker","url":""}],"severity":"Unknown","location":{"image":"'"${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}"'","operating_system":"Arch Linux","dependency":{"package":{"name":"%n"},"version":"%v"}}},')']}' | sed 's/\(CVE-[0-9]\{4\}-[0-9]\{1,\}\)/{"type":"cve","name":"\1","value":"\1","url":"https:\/\/\/cgi-bin\/cvename.cgi?name=\1"}/g' | sed 's/,]\s*/]/g' | jq > arch-audit.json
- fi
- pacman -Syu --noconfirm docker grep
- docker -v
- id -u http
- locale | grep -q UTF-8
container_scanning: arch-audit.json
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment