mirror of
https://github.com/kasmtech/workspaces-core-images.git
synced 2024-11-25 08:53:12 +01:00
tweaks to vuln filters, add code quality
This commit is contained in:
parent
cda41bf89f
commit
16c44916af
@ -4,6 +4,10 @@
|
||||
image: docker:24.0.6
|
||||
services:
|
||||
- docker:24.0.6-dind
|
||||
|
||||
include:
|
||||
- template: Code-Quality.gitlab-ci.yml
|
||||
|
||||
stages:
|
||||
- template
|
||||
- run
|
||||
|
@ -29,7 +29,7 @@ set -x
|
||||
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
trivy_dir="${SCRIPT_DIR}/trivy"
|
||||
trivy_cmd="$trivy_dir/trivy $scan_cmd --no-progress --ignore-unfixed --ignore-policy ${SCRIPT_DIR}/vulnerability-filter.rego --cache-dir $HOME/.trivycache $options"
|
||||
trivy_cmd="$trivy_dir/trivy $scan_cmd --no-progress --ignore-status will_not_fix,fix_deferred --ignore-policy ${SCRIPT_DIR}/vulnerability-filter.rego --cache-dir $HOME/.trivycache $options" #--ignore-unfixed --severity HIGH,CRITICAL,MEDIUM
|
||||
source_dir="${CI_PROJECT_DIR:-$trivy_dir}"
|
||||
|
||||
build_report
|
||||
|
@ -4,6 +4,12 @@ import data.lib.trivy
|
||||
|
||||
default ignore = false
|
||||
|
||||
# Ignore unfixed low and medium
|
||||
ignore {
|
||||
not input.FixedVersion
|
||||
input.Severity == {"LOW", "MEDIUM"}[_]
|
||||
}
|
||||
|
||||
# KASM-5262 - False positives in libssl1.1 library that is manually installed on some distros
|
||||
ignore {
|
||||
input.PkgName == "libssl1.1"
|
||||
|
Loading…
Reference in New Issue
Block a user