Commit 598ebdd8 authored by hashworks

Add dependency scanning with arch-audit

parent 79e8df9a
Pipeline #729 failed with stages
in 2 minutes and 55 seconds
......@@ -43,8 +43,18 @@ test:
script:
- pacman -Sy
- pacman -Qqk
- pacman -Syu --noconfirm docker grep
- pacman -Syu --noconfirm docker grep arch-audit jq
- docker -v
- id -u http
- locale | grep -q UTF-8
- echo '{"version":"3.0.1","vulnerabilities":['
$(arch-audit --color never --recursive --format
'{"category":"Dependency Scanning","id":"%n","name":"%n","message":"Package %n is affected by known CVEs. It is required by %r.","scanner":{"id":"arch_audit","name":"arch-audit"},"identifiers":[%c],"links":["https://security.archlinux.org/package/%n"]},')
'],"dependency_files":[]}'
| sed 's/\(CVE-[0-9]\{4\}-[0-9]\{1,\}\)/{"type":"cve","name":"\1","value":"\1","link":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=\1"}/g'
| sed 's/,]/]/g'
| jq > arch-audit.json
artifacts:
reports:
dependency_scanning: arch-audit.json
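Review bot: In the report-building step of the `test` script, `arch-audit` runs inside `$(...)` as an argument to `echo`, so its exit status is discarded. If the scan fails or prints nothing, the job still writes a valid `arch-audit.json` with an empty `vulnerabilities` array, which reads as a clean result. Run `arch-audit` as its own step, or capture its output and check the status, before assembling the report. In the same step, `echo` joins its arguments with spaces, so the trailing comma of the last object is followed by a space before `]` and `sed 's/,]/]/g'` does not match it; the result is not valid JSON once at least one package is reported. More generally, `%n` and `%r` are inserted into the JSON unescaped, and the CVE substitution rewrites any matching text in the stream, not only the `identifiers` array. Since `jq` is installed here anyway, consider having arch-audit print one simple delimited line per package and building the objects with `jq`, which handles quoting and list separators itself. An explicit filter (`jq .`) would also make the final stage clearer than a bare `jq`.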