Commit a884d814 authored by hashworks's avatar hashworks

Update .gitlab-ci.yml

parent 1ce426bb
Pipeline #737 passed with stages
in 3 minutes and 7 seconds
......@@ -50,7 +50,7 @@ test:
- AUDIT="$(arch-audit --color never --recursive)"
- if [ -n "$AUDIT" ]; then
- echo "$AUDIT"
- echo '{"version":"3.0.1","schema":"https:\/\/gitlab.com\/gitlab-org\/security-products\/security-report-schemas\/-\/raw\/v3.0.0-rc1\/dist\/container-scanning-report-format.json","scan":{"start_time":"'"$(date --iso-8601=s)"'","type":"container_scanning","scanner":{"id":"arch_audit","name":"arch-audit","vendor":{"name":"ilpianista"},"url":"https:\/\/gitlab.com\/ilpianista\/arch-audit","version":"'"$(arch-audit --version | cut -d\ -f2)"'"}},"vulnerabilities":['$(arch-audit --color never --recursive --format '{"category":"Container Scanning","id":"%n","name":"%n","message":"Package %n is affected by known CVEs","description":"Package %n is affected by known CVEs. It is required by %r.","scanner":{"id":"arch_audit","name":"arch-audit"},"identifiers":[%c],"links":[{"name":"Package on Arch Security Tracker","url":"https://security.archlinux.org/package/%n"}],"severity":"Unknown","location":{"image":"'"$FOO"'","operating_system":"Arch Linux","dependency":{"package":{"name":"%n"},"version":"%v"}}},')']}' | sed 's/\(CVE-[0-9]\{4\}-[0-9]\{1,\}\)/{"type":"cve","name":"\1","value":"\1","url":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=\1"}/g' | sed 's/,]\s*/]/g' | jq > arch-audit.json
- echo '{"version":"3.0.1","schema":"https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/v3.0.0-rc1/dist/container-scanning-report-format.json","scan":{"start_time":"'"$(date --iso-8601=s)"'","type":"container_scanning","scanner":{"id":"arch_audit","name":"arch-audit","vendor":{"name":"ilpianista"},"url":"https:\/\/gitlab.com\/ilpianista\/arch-audit","version":"'"$(arch-audit --version | cut -d\ -f2)"'"}},"vulnerabilities":['$(arch-audit --color never --recursive --format '{"category":"Container Scanning","id":"%n","name":"%n","message":"Package %n is affected by known CVEs","description":"Package %n is affected by known CVEs. It is required by %r.","scanner":{"id":"arch_audit","name":"arch-audit"},"identifiers":[%c],"links":[{"name":"Package on Arch Security Tracker","url":"https://security.archlinux.org/package/%n"}],"severity":"Unknown","location":{"image":"'"${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}"'","operating_system":"Arch Linux","dependency":{"package":{"name":"%n"},"version":"%v"}}},')']}' | sed 's/\(CVE-[0-9]\{4\}-[0-9]\{1,\}\)/{"type":"cve","name":"\1","value":"\1","url":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=\1"}/g' | sed 's/,]\s*/]/g' | jq > arch-audit.json
- fi
artifacts:
reports:
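Review bot: In the long `echo` line that sets `location.image` from `${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}` (which I take to be the new side), the `$(arch-audit … --format …)` substitution sits between the single-quoted pieces with no quotes of its own. Its output is therefore word-split and pathname-expanded by the shell before `echo` sees it, and the `[` … `]` in each record is glob syntax. Closing and reopening with double quotes, `"vulnerabilities":['"$(arch-audit --color never --recursive --format '…')"']}'`, passes the scanner output through unchanged. The report is also assembled by string concatenation, so a `"` or `\` in any interpolated value would yield JSON that `jq` rejects or that carries a different field than intended; building the object with `jq -n --arg image "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}" …` would escape those values. The `test:` job's script begins and continues outside this hunk.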