feat(ci): generate correct md/html output from trivy (#1462)

* feat(ci): generate correct md/html output from trivy

* split css from trivy template

* remove code tags

* use plain md

* click to expand

* use tccr in security scan docs
This commit is contained in:
Kjeld Schouten-Lebbing
2021-12-04 14:25:20 +01:00
committed by GitHub
parent 52aecf1094
commit 1b6c21ca76
5 changed files with 1722 additions and 8 deletions
+26
View File
@@ -0,0 +1,26 @@
.severity {
text-align: center;
font-weight: bold;
color: #fafafa;
}
.severity-LOW .severity { background-color: #5fbb31; }
.severity-MEDIUM .severity { background-color: #e9c600; }
.severity-HIGH .severity { background-color: #ff8800; }
.severity-CRITICAL .severity { background-color: #e40000; }
.severity-UNKNOWN .severity { background-color: #747474; }
.severity-LOW { background-color: #5fbb3160; }
.severity-MEDIUM { background-color: #e9c60060; }
.severity-HIGH { background-color: #ff880060; }
.severity-CRITICAL { background-color: #e4000060; }
.severity-UNKNOWN { background-color: #74747460; }
table tr td:first-of-type {
font-weight: bold;
}
.links a,
.links[data-more-links=on] a {
display: block;
}
.links[data-more-links=off] a:nth-of-type(1n+5) {
display: none;
}
a.toggle-more-links { cursor: pointer; }
+89
View File
File diff suppressed because one or more lines are too long
+1583
View File
File diff suppressed because it is too large Load Diff
+21
View File
@@ -0,0 +1,21 @@
{{- if . -}}
#### {{ escapeXML ( index . 0 ).Target }}
{{ range . }}
**{{ escapeXML .Type }}**
{{ if (eq (len .Vulnerabilities) 0) }}
| No Vulnerabilities found |
|:---------------------------------|
{{ else }}
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
{{- range .Vulnerabilities }}
| {{ escapeXML .PkgName }} | {{ escapeXML .VulnerabilityID }} | {{ escapeXML .Vulnerability.Severity }} | {{ escapeXML .InstalledVersion }} | {{ escapeXML .FixedVersion }} | <details><summary>Click to expand!</summary>{{ range .Vulnerability.References }}<a href={{ escapeXML . | printf "%q" }}>{{ escapeXML . }}</a><br>{{ end }}</details> |
{{- end }}
{{- end }}
{{- end }}
{{- else }}
| No Vulnerabilities found |
|:---------------------------------|
{{- end }}
+3 -8
View File
@@ -292,10 +292,7 @@ helm_sec_scan() {
echo "##### Scan Results" >> ${chart}/sec-scan.md
echo "" >> ${chart}/sec-scan.md
helm template ${chart} --output-dir ${chart}/render
## TODO: Cleanup security scan layout
echo '```' >> ${chart}/sec-scan.md
trivy config ${chart}/render >> ${chart}/sec-scan.md
echo '```' >> ${chart}/sec-scan.md
trivy config -f template --template "@./templates/trivy.tpl" ${chart}/render >> ${chart}/sec-scan.md
echo "" >> ${chart}/sec-scan.md
}
@@ -314,14 +311,11 @@ container_sec_scan() {
echo "" >> ${chart}/sec-scan.md
echo "##### Scan Results" >> ${chart}/sec-scan.md
echo "" >> ${chart}/sec-scan.md
## TODO: Cleanup security scan layout
for container in $(cat ${chart}/render/containers.tmp); do
echo "**Container: ${container}**" >> ${chart}/sec-scan.md
echo "" >> ${chart}/sec-scan.md
echo '```' >> ${chart}/sec-scan.md
ghcrcont=$(echo ${container} | sed "s/tccr.io/ghcr.io/g")
trivy image ${ghcrcont} >> ${chart}/sec-scan.md
echo '```' >> ${chart}/sec-scan.md
trivy image -f template --template "@./templates/trivy.tpl" ${ghcrcont} >> ${chart}/sec-scan.md
echo "" >> ${chart}/sec-scan.md
done
@@ -333,6 +327,7 @@ sec_scan_cleanup() {
local train="$3"
local chartversion="$4"
rm -rf ${chart}/render
sed -i 's/ghcr.io/tccr.io/g' ${chart}/sec-scan.md
}
pre_commit() {