feat(ci): generate correct md/html output from trivy (#1462)
* feat(ci): generate correct md/html output from trivy * split css from trivy template * remove code tags * use plain md * click to expand * use tccr in security scan docs
This commit is contained in:
committed by
GitHub
parent
52aecf1094
commit
1b6c21ca76
Vendored
+26
@@ -0,0 +1,26 @@
|
||||
.severity {
|
||||
text-align: center;
|
||||
font-weight: bold;
|
||||
color: #fafafa;
|
||||
}
|
||||
.severity-LOW .severity { background-color: #5fbb31; }
|
||||
.severity-MEDIUM .severity { background-color: #e9c600; }
|
||||
.severity-HIGH .severity { background-color: #ff8800; }
|
||||
.severity-CRITICAL .severity { background-color: #e40000; }
|
||||
.severity-UNKNOWN .severity { background-color: #747474; }
|
||||
.severity-LOW { background-color: #5fbb3160; }
|
||||
.severity-MEDIUM { background-color: #e9c60060; }
|
||||
.severity-HIGH { background-color: #ff880060; }
|
||||
.severity-CRITICAL { background-color: #e4000060; }
|
||||
.severity-UNKNOWN { background-color: #74747460; }
|
||||
table tr td:first-of-type {
|
||||
font-weight: bold;
|
||||
}
|
||||
.links a,
|
||||
.links[data-more-links=on] a {
|
||||
display: block;
|
||||
}
|
||||
.links[data-more-links=off] a:nth-of-type(1n+5) {
|
||||
display: none;
|
||||
}
|
||||
a.toggle-more-links { cursor: pointer; }
|
||||
+1583
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,21 @@
|
||||
{{- if . -}}
|
||||
#### {{ escapeXML ( index . 0 ).Target }}
|
||||
{{ range . }}
|
||||
**{{ escapeXML .Type }}**
|
||||
|
||||
{{ if (eq (len .Vulnerabilities) 0) }}
|
||||
| No Vulnerabilities found |
|
||||
|:---------------------------------|
|
||||
|
||||
{{ else }}
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
{{- range .Vulnerabilities }}
|
||||
| {{ escapeXML .PkgName }} | {{ escapeXML .VulnerabilityID }} | {{ escapeXML .Vulnerability.Severity }} | {{ escapeXML .InstalledVersion }} | {{ escapeXML .FixedVersion }} | <details><summary>Click to expand!</summary>{{ range .Vulnerability.References }}<a href={{ escapeXML . | printf "%q" }}>{{ escapeXML . }}</a><br>{{ end }}</details> |
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
| No Vulnerabilities found |
|
||||
|:---------------------------------|
|
||||
{{- end }}
|
||||
@@ -292,10 +292,7 @@ helm_sec_scan() {
|
||||
echo "##### Scan Results" >> ${chart}/sec-scan.md
|
||||
echo "" >> ${chart}/sec-scan.md
|
||||
helm template ${chart} --output-dir ${chart}/render
|
||||
## TODO: Cleanup security scan layout
|
||||
echo '```' >> ${chart}/sec-scan.md
|
||||
trivy config ${chart}/render >> ${chart}/sec-scan.md
|
||||
echo '```' >> ${chart}/sec-scan.md
|
||||
trivy config -f template --template "@./templates/trivy.tpl" ${chart}/render >> ${chart}/sec-scan.md
|
||||
echo "" >> ${chart}/sec-scan.md
|
||||
}
|
||||
|
||||
@@ -314,14 +311,11 @@ container_sec_scan() {
|
||||
echo "" >> ${chart}/sec-scan.md
|
||||
echo "##### Scan Results" >> ${chart}/sec-scan.md
|
||||
echo "" >> ${chart}/sec-scan.md
|
||||
## TODO: Cleanup security scan layout
|
||||
for container in $(cat ${chart}/render/containers.tmp); do
|
||||
echo "**Container: ${container}**" >> ${chart}/sec-scan.md
|
||||
echo "" >> ${chart}/sec-scan.md
|
||||
echo '```' >> ${chart}/sec-scan.md
|
||||
ghcrcont=$(echo ${container} | sed "s/tccr.io/ghcr.io/g")
|
||||
trivy image ${ghcrcont} >> ${chart}/sec-scan.md
|
||||
echo '```' >> ${chart}/sec-scan.md
|
||||
trivy image -f template --template "@./templates/trivy.tpl" ${ghcrcont} >> ${chart}/sec-scan.md
|
||||
echo "" >> ${chart}/sec-scan.md
|
||||
done
|
||||
|
||||
@@ -333,6 +327,7 @@ sec_scan_cleanup() {
|
||||
local train="$3"
|
||||
local chartversion="$4"
|
||||
rm -rf ${chart}/render
|
||||
sed -i 's/ghcr.io/tccr.io/g' ${chart}/sec-scan.md
|
||||
}
|
||||
|
||||
pre_commit() {
|
||||
|
||||
Reference in New Issue
Block a user