From 34cae63718eef015dc31f5ce1afad8e507f0ec65 Mon Sep 17 00:00:00 2001 From: Bertrand Goareguer <bertrand.goareguer@gmail.com> Date: Mon, 1 Jul 2024 15:03:41 +0000 Subject: [PATCH] fix(trivy): custom clean cache command --- templates/gitlab-ci-docker.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml index c399c43..c68a2ea 100644 --- a/templates/gitlab-ci-docker.yml +++ b/templates/gitlab-ci-docker.yml @@ -167,6 +167,9 @@ spec: - HIGH,CRITICAL - CRITICAL default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL + trivy-clean-cache-cmd: + description: Command used to clean the Trivy cache + default: clean --scan-cache trivy-args: description: Additional `trivy client` arguments default: --ignore-unfixed --vuln-type os --exit-on-eol 1 @@ -254,6 +257,7 @@ variables: DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD: $[[ inputs.trivy-security-level-threshold ]] DOCKER_TRIVY_IMAGE: $[[ inputs.trivy-image ]] DOCKER_TRIVY_ARGS: $[[ inputs.trivy-args ]] + DOCKER_TRIVY_CLEAN_CACHE_CMD: $[[ inputs.trivy-clean-cache-cmd ]] DOCKER_TRIVY_DB_REPOSITORY: $[[ inputs.trivy-db-repository ]] DOCKER_TRIVY_JAVA_DB_REPOSITORY: $[[ inputs.trivy-java-db-repository ]] @@ -930,7 +934,7 @@ docker-trivy: TRIVY_CACHE_DIR: ".trivycache/" script: | # cache cleanup is needed when scanning images with the same tags, it does not remove the database - trivy image --clear-cache + trivy $DOCKER_TRIVY_CLEAN_CACHE_CMD export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}} export TRIVY_PASSWORD=${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}} basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g') -- GitLab