33369: Add pipeline step with trivy scan for latest on grafana/grafan… (#34660)

* 33369: Add pipeline step with trivy scan for latest on grafana/grafana to drone config * 33369:Add docker image scan steps to .drone.star file * 33369: Add low/medium/unknwon scan into one pipeline step * 33369:Make starlark generate code only for the given edition * 33369:Adjust naming and add loop into vulnerability step * Update scripts/job.star Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2025-02-25 18:55:37 -06:00 · 2021-05-26 14:27:40 +02:00
parent 6fb0560a84
commit 3064209cd5
3 changed files with 86 additions and 1 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -3432,6 +3432,38 @@ depends_on:
 - enterprise-build-release-branch
 - enterprise-windows-release-branch

+---
+kind: pipeline
+type: docker
+name: scan-docker-images
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+- name: scan-docker-images-unkown-low-medium-vulnerabilities
+  image: aquasec/trivy:0.18.3
+  commands:
+  - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest
+  - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main
+  - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest-ubuntu
+  - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main-ubuntu
+
+- name: scan-docker-images-high-critical-vulnerabilities
+  image: aquasec/trivy:0.18.3
+  commands:
+  - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest
+  - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main
+  - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest-ubuntu
+  - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main-ubuntu
+
+trigger:
+  cron:
+  - nightly
+  event:
+  - cron
+
 ---
 kind: secret
 name: dockerconfigjson