chore(): Migrates trivy to remote mode
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
c594440ac9
commit
a481e99ac3
2 changed files with 5 additions and 7 deletions
|
|
@ -13,9 +13,8 @@ steps:
|
|||
password:
|
||||
from_secret: registry_password
|
||||
repo: scm.project42.io/elia/trivy
|
||||
dry_run: true
|
||||
dry_run: false
|
||||
squash: true
|
||||
purge: false
|
||||
compress: true
|
||||
tags:
|
||||
- pre-scan
|
||||
|
|
@ -25,8 +24,7 @@ steps:
|
|||
image: scm.project42.io/elia/trivy:production
|
||||
privileged: true
|
||||
commands:
|
||||
- /usr/local/bin/dockerd --data-root /var/lib/docker --host=unix:///var/run/docker.sock
|
||||
- /usr/local/bin/dockerd-entrypoint.sh /usr/local/bin/trivy image scm.project42.io/elia/trivy:pre-scan
|
||||
- /usr/local/bin/trivy image --image-src remote scm.project42.io/elia/trivy:pre-scan
|
||||
failure: ignore
|
||||
|
||||
trigger:
|
||||
|
|
@ -51,6 +49,7 @@ steps:
|
|||
repo: scm.project42.io/elia/trivy
|
||||
dry_run: false
|
||||
squash: true
|
||||
compress: true
|
||||
tags:
|
||||
- production
|
||||
- "${DRONE_COMMIT_SHA:0:8}"
|
||||
|
|
|
|||
|
|
@ -1,8 +1,7 @@
|
|||
FROM docker:dind
|
||||
FROM alpine
|
||||
MAINTAINER Elia El Lazkani <git@lazkani.io>
|
||||
|
||||
ARG ORAS_VERSION="1.0.0"
|
||||
ENV DOCKER_HOST=unix:///var/run/docker.sock
|
||||
|
||||
RUN apk add --virtual .build-deps curl && \
|
||||
export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \
|
||||
|
|
@ -14,4 +13,4 @@ RUN apk add --virtual .build-deps curl && \
|
|||
ln -s /opt/trivy/trivy /usr/local/bin/trivy && \
|
||||
apk del .build-deps
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/usr/local/bin/trivy"]
|
||||
ENTRYPOINT ["/usr/local/bin/trivy"]
|
||||
|
|
|
|||
Loading…
Reference in a new issue