IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-24 09:50:29 -06:00
Code Issues Packages Projects Releases Wiki Activity
ad6010a7b3
grafana/.circleci/config.yml
Arve Knudsen 77cbb4f0f9
Circle: Remove release pipeline (#28474) 
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-10-22 16:22:48 +02:00

61 lines
1.8 KiB
YAML
Raw Blame History

version: 2.1
aliases:
# Workflow filters
- &filter-only-master
branches:
only: master
jobs:
scan-docker-image:
description: "Scans a docker image for vulnerabilities using trivy"
parameters:
image:
type: string
tag:
type: string
docker:
- image: circleci/buildpack-deps:stretch
steps:
- setup_remote_docker
- restore_cache:
key: vulnerability-db
- run:
name: Install trivy
command: |
VERSION=$(
curl --silent "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | \
grep '"tag_name":' | \
sed -E 's/.*"v([^"]+)".*/\1/'
)
wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz
tar zxvf trivy_${VERSION}_Linux-64bit.tar.gz
sudo mv trivy /usr/local/bin
- run:
name: Clear trivy cache
command: trivy --clear-cache
- run:
name: Scan Docker image for unkown/low/medium vulnerabilities
command: trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM << parameters.image >>:<< parameters.tag >>
- run:
name: Scan Docker image for high/critical vulnerabilities
command: trivy --exit-code 1 --severity HIGH,CRITICAL << parameters.image >>:<< parameters.tag >>
- save_cache:
key: vulnerability-db
paths:
- $HOME/.cache/trivy
workflows:
nightly:
triggers:
- schedule:
cron: "0 0 * * *"
filters: *filter-only-master
jobs:
- scan-docker-image:
matrix:
parameters:
image: [grafana/grafana, grafana/grafana-enterprise]
tag: [latest, master, latest-ubuntu, master-ubuntu]
Reference in New Issue View Git Blame Copy Permalink