From d8dda99d014b50e38249aefbaf1ac206d3de6bed Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 10:22:17 -0700 Subject: [PATCH 01/18] [semver:skip] add vscode files to gitignore --- .gitignore | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 19eafbb..bc69d0b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,6 @@ # orb.yml is "packed" from source, and not published directly from the repository. -orb.yml \ No newline at end of file +orb.yml + +# personal vscode files +*.code-workspace +personal \ No newline at end of file From 4f4e8d88295fdfed8267f1651ed373585576a9fd Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 11:37:06 -0700 Subject: [PATCH 02/18] [semver:major] add trivy --- .circleci/config.yml | 6 +++--- README.md | 19 ++++--------------- src/@orb.yml | 5 ++--- src/commands/README.md | 4 ++-- src/commands/greet.yml | 15 --------------- src/commands/run.yml | 20 ++++++++++++++++++++ src/examples/example.yml | 5 +++-- src/executors/default.yml | 9 ++++----- src/jobs/README.md | 4 ++-- src/jobs/hello.yml | 15 --------------- src/jobs/run.yml | 20 ++++++++++++++++++++ src/scripts/greet.sh | 10 ---------- src/scripts/install.sh | 13 +++++++++++++ src/tests/greet.bats | 13 ------------- src/tests/install.bats | 11 +++++++++++ 15 files changed, 84 insertions(+), 85 deletions(-) delete mode 100755 src/commands/greet.yml create mode 100755 src/commands/run.yml delete mode 100755 src/jobs/hello.yml create mode 100755 src/jobs/run.yml delete mode 100644 src/scripts/greet.sh create mode 100644 src/scripts/install.sh delete mode 100644 src/tests/greet.bats create mode 100644 src/tests/install.bats diff --git a/.circleci/config.yml b/.circleci/config.yml index 1a186bb..8c5e2de 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -29,10 +29,10 @@ jobs: - image: cimg/base:stable steps: - checkout - # "greet" is a sample command packaged with this orb config. - # This sample integration test will run as long as the greet command exists. Once you remove the greet command you should remove this line. + # "run" is a sample command packaged with this orb config. + # This sample integration test will run as long as the run command exists. Once you remove the run command you should remove this line. # Push new changes first, before adding new tests to your config. - - trivy-orb/greet + - trivy-orb/run workflows: # Prior to producing a development orb (which requires credentials) basic validation, linting, and even unit testing can be performed. diff --git a/README.md b/README.md index c7f5c1b..0bb0401 100644 --- a/README.md +++ b/README.md 
@@ -1,19 +1,10 @@ -# Orb Project Template +# Trivy orb -[![CircleCI Build Status](https://circleci.com/gh/15five/trivy-orb.svg?style=shield "CircleCI Build Status")](https://circleci.com/gh/15five/trivy-orb) [![CircleCI Orb Version](https://badges.circleci.com/orbs/fifteen5/trivy-orb.svg)](https://circleci.com/orbs/registry/orb/fifteen5/trivy-orb) [![GitHub License](https://img.shields.io/badge/license-MIT-lightgrey.svg)](https://raw.githubusercontent.com/15five/trivy-orb/master/LICENSE) [![CircleCI Community](https://img.shields.io/badge/community-CircleCI%20Discuss-343434.svg)](https://discuss.circleci.com/c/ecosystem/orbs) +[![CircleCI Build Status](https://circleci.com/gh/15five/trivy-orb.svg?style=shield "CircleCI Build Status")](https://circleci.com/gh/15five/trivy-orb) [![CircleCI Orb Version](https://badges.circleci.com/orbs/fifteen5/trivy-orb.svg)](https://circleci.com/orbs/registry/orb/fifteen5/trivy-orb) [![GitHub License](https://img.shields.io/badge/license-MIT-lightgrey.svg)](https://raw.githubusercontent.com/15five/trivy-orb/master/LICENSE) +A [Circleci](https://circleci.com) orb for running [Trivy](https://github.com/aquasecurity/trivy), a vulnerability scanner for docker images and more. - -A starter template for orb projects. Build, test, and publish orbs automatically on CircleCI with [Orb-Tools](https://circleci.com/orbs/registry/orb/circleci/orb-tools). - -Additional READMEs are available in each directory. - - - -## Resources - -[CircleCI Orb Registry Page](https://circleci.com/orbs/registry/orb/fifteen5/trivy-orb) - The official registry page of this orb for all versions, executors, commands, and jobs described. -[CircleCI Orb Docs](https://circleci.com/docs/2.0/orb-intro/#section=configuration) - Docs for using and creating CircleCI Orbs. +The orb can be found here: [CircleCI Orb Registry Page](https://circleci.com/orbs/registry/orb/fifteen5/trivy-orb) ### How to Contribute 
@@ -37,5 +28,3 @@ Example: `[semver:major]` * On merge, after manual approval, the orb will automatically be published to the Orb Registry. -For further questions/comments about this or other orbs, visit the Orb Category of [CircleCI Discuss](https://discuss.circleci.com/c/orbs). - diff --git a/src/@orb.yml b/src/@orb.yml index 2e8ae44..ac22ce7 100755 --- a/src/@orb.yml +++ b/src/@orb.yml @@ -1,14 +1,13 @@ version: 2.1 description: > - Sample orb description + Orb for running Trivy, a security scanner # What will your orb allow users to accomplish? # Descriptions should be short, simple, and informative. # This information will be displayed in the orb registry and is not mandatory. display: - home_url: "https://www.website.com/docs" - source_url: "https://www.github.com/EXAMPLE_ORG/EXAMPLE_PROJECT" + source_url: "https://github.com/15five/trivy-orb" # If your orb requires other orbs, you can import them like this. Otherwise remove the "orbs" stanza. # orbs: diff --git a/src/commands/README.md b/src/commands/README.md index bd3b6b0..fa5cbee 100644 --- a/src/commands/README.md +++ b/src/commands/README.md @@ -4,7 +4,7 @@ Easily add and author [Reusable Commands](https://circleci.com/docs/2.0/reusing- Each _YAML_ file within this directory will be treated as an orb command, with a name which matches its filename. -View the included _[greet.yml](./greet.yml)_ example. +For example: ```yaml description: > @@ -17,7 +17,7 @@ parameters: default: "Hello" description: "Select a proper greeting" steps: - - run: + - greeting: name: Hello World command: echo << parameters.greeting >> world ``` diff --git a/src/commands/greet.yml b/src/commands/greet.yml deleted file mode 100755 index f4e2205..0000000 --- a/src/commands/greet.yml +++ /dev/null 
@@ -1,15 +0,0 @@ -description: > - This command echos "Hello World" using file inclusion. -# What will this command do? -# Descriptions should be short, simple, and clear. -parameters: - to: - type: string - default: "World" - description: "Hello to whom?" -steps: - - run: - environment: - PARAM_TO: <> - name: Hello Greeting - command: <> diff --git a/src/commands/run.yml b/src/commands/run.yml new file mode 100755 index 0000000..ab26f86 --- /dev/null +++ b/src/commands/run.yml @@ -0,0 +1,20 @@ +description: > + This command runs Trivy. +parameters: + version: + type: string + default: "0.19.2" + description: "Version of trivy to download" + args: + type: string + default: "-h" + description: "Arguments to pass into trivy. See https://aquasecurity.github.io/trivy/v0.19.2/getting-started/cli." +steps: + - run: + environment: + PARAM_VERSION: <> + name: Install Trivy + command: <> + - run: + name: Run Trivy + command: trivy <> diff --git a/src/examples/example.yml b/src/examples/example.yml index a2cdaab..113a046 100755 --- a/src/examples/example.yml +++ b/src/examples/example.yml @@ -6,8 +6,9 @@ description: > usage: version: 2.1 orbs: - : /@1.2.3 + trivy: fifteen5/trivy@1.2.3 workflows: use-my-orb: jobs: - - / + - trivy/run: + args: --no-progress --exit-code 1 image busybox diff --git a/src/executors/default.yml b/src/executors/default.yml index 61e9948..4df45a2 100755 --- a/src/executors/default.yml +++ b/src/executors/default.yml @@ -1,11 +1,10 @@ description: > - This is a sample executor using Docker and Node. + Executor for trivy docker: - - image: 'cimg/node:<>' + - image: 'cimg/base:<>' parameters: tag: - default: lts + default: 2021.07 description: > - Pick a specific circleci/node image variant: - https://hub.docker.com/r/cimg/node/tags + Tag for 'cimg/base' docker container type: string diff --git a/src/jobs/README.md b/src/jobs/README.md index 5dddab9..98a5a0d 100644 --- a/src/jobs/README.md +++ b/src/jobs/README.md 
@@ -6,7 +6,7 @@ Each _YAML_ file within this directory will be treated as an orb job, with a nam Jobs may invoke orb commands and other steps to fully automate tasks with minimal user configuration. -View the included _[hello.yml](./hello.yml)_ example. +For example: ```yaml @@ -20,7 +20,7 @@ parameters: default: "Hello" description: "Select a proper greeting" steps: - - greet: + - run: greeting: << parameters.greeting >> ``` diff --git a/src/jobs/hello.yml b/src/jobs/hello.yml deleted file mode 100755 index f7ec411..0000000 --- a/src/jobs/hello.yml +++ /dev/null @@ -1,15 +0,0 @@ -description: > - Sample description -# What will this job do? -# Descriptions should be short, simple, and clear. - -executor: default - -parameters: - to: - type: string - default: "World" - description: "Hello to whom?" -steps: - - greet: - to: << parameters.to >> diff --git a/src/jobs/run.yml b/src/jobs/run.yml new file mode 100755 index 0000000..0b731d0 --- /dev/null +++ b/src/jobs/run.yml @@ -0,0 +1,20 @@ +description: > + Runs Trivy +# What will this job do? +# Descriptions should be short, simple, and clear. + +executor: default + +parameters: + version: + type: string + default: "0.19.2" + description: "Version of trivy to download" + args: + type: string + default: "-h" + description: "Arguments to pass into trivy. See https://aquasecurity.github.io/trivy/v0.19.2/getting-started/cli." +steps: + - run: + version: << parameters.version >> + args: << parameters.args >> diff --git a/src/scripts/greet.sh b/src/scripts/greet.sh deleted file mode 100644 index e6febce..0000000 --- a/src/scripts/greet.sh +++ /dev/null @@ -1,10 +0,0 @@ -Greet() { - echo Hello "${PARAM_TO}" -} - -# Will not run if sourced for bats-core tests. -# View src/tests for more information. -ORB_TEST_ENV="bats-core" -if [ "${0#*$ORB_TEST_ENV}" == "$0" ]; then - Greet -fi diff --git a/src/scripts/install.sh b/src/scripts/install.sh new file mode 100644 index 0000000..87cf8c6 --- /dev/null +++ b/src/scripts/install.sh 
@@ -0,0 +1,13 @@
+Install() {
+ echo Hello "${PARAM_VERSION}"
+ curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v${PARAM_VERSION}
+ mkdir /tmp
+ curl https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/junit.tpl -o /tmp/junit.tpl
+}
+
+# Will not run if sourced for bats-core tests.
+# View src/tests for more information.
+ORB_TEST_ENV="bats-core"
+if [ "${0#*$ORB_TEST_ENV}" == "$0" ]; then
+ Install
+fi
diff --git a/src/tests/greet.bats b/src/tests/greet.bats
deleted file mode 100644
index a7bfbe0..0000000
--- a/src/tests/greet.bats
+++ /dev/null
@@ -1,13 +0,0 @@
-# Runs prior to every test
-setup() {
- # Load our script file.
- source ./src/scripts/greet.sh
-}
-
-@test '1: Greet the world' {
- # Mock environment variables or functions by exporting them (after the script has been sourced)
- export PARAM_TO="World"
- # Capture the output of our "Greet" function
- result=$(Greet)
- [ "$result" == "Hello World" ]
-}
\ No newline at end of file
diff --git a/src/tests/install.bats b/src/tests/install.bats
new file mode 100644
index 0000000..eea46db
--- /dev/null
+++ b/src/tests/install.bats
@@ -0,0 +1,11 @@
+# Runs prior to every test
+setup() {
+ # Load our script file.
+ source ./src/scripts/install.sh
+}
+
+@test '1: Installs correctly' {
+ # Capture the output of our "Greet" function
+ result=$(Install)
+ trivy -h
+}
\ No newline at end of file
From 7996c9499dbf7010c9fbe8f732eb19cbee12c414 Mon Sep 17 00:00:00 2001
From: caleb15
Date: Thu, 2 Sep 2021 12:38:22 -0700
Subject: [PATCH 03/18] fix command need to use old command until new version is published
---
 .circleci/config.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 8c5e2de..53d58a8 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
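Review bot: The installer is fetched from the moving `main` ref and piped straight into `sh`, so the code that runs in every build is whatever that branch holds at that moment, independent of the `PARAM_VERSION` that is pinned one token later; the `junit.tpl` fetch has the same property, and its format can drift from the installed trivy. Pin both URLs to the release ref, e.g. `https://raw.githubusercontent.com/aquasecurity/trivy/v"${PARAM_VERSION}"/contrib/install.sh` (assuming the file exists at that tag), or vendor a checksum-verified copy of the installer in the orb. The second `curl` also lacks `-f`, so an HTTP error body would be written to `/tmp/junit.tpl` with exit status 0 — `curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/junit.tpl -o /tmp/junit.tpl`. Nothing in `Install` stops on a failed download either: the function runs without `set -e` and the pipeline's status is that of `sh`, so a failed `curl` on the left side is masked; downloading to a temp file, checking `curl`'s exit status, and only then running it would turn a silent no-op into a failed step.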
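Review bot: In the `install.bats` hunk, `result=$(Install)` is captured but never examined, so the test passes on any output, and the bare `trivy -h` only proves that some `trivy` is on PATH — it could be a pre-existing binary rather than the one this script just installed. Assert on the installed path and version instead, e.g. `[ -x /usr/local/bin/trivy ]` and `/usr/local/bin/trivy --version | grep -q "${PARAM_VERSION}"`. The comment `# Capture the output of our "Greet" function` was copied from the deleted test and should name `Install`.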
@@ -29,10 +29,10 @@ jobs: - image: cimg/base:stable steps: - checkout - # "run" is a sample command packaged with this orb config. - # This sample integration test will run as long as the run command exists. Once you remove the run command you should remove this line. + # "greet" is a sample command packaged with this orb config. + # This sample integration test will greet as long as the run command exists. Once you remove the run command you should remove this line. # Push new changes first, before adding new tests to your config. - - trivy-orb/run + - trivy-orb/greet workflows: # Prior to producing a development orb (which requires credentials) basic validation, linting, and even unit testing can be performed. From e85813dbfabf1076685014b2deaaef098db58d32 Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 12:40:10 -0700 Subject: [PATCH 04/18] lint sh file --- src/scripts/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/scripts/install.sh b/src/scripts/install.sh index 87cf8c6..4feb7a0 100644 --- a/src/scripts/install.sh +++ b/src/scripts/install.sh @@ -1,6 +1,6 @@ Install() { echo Hello "${PARAM_VERSION}" - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v${PARAM_VERSION} + curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v"${PARAM_VERSION}" mkdir /tmp curl https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/junit.tpl -o /tmp/junit.tpl } From 210719861dc525b39f0ab25adcc67651bcffce5b Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 12:41:57 -0700 Subject: [PATCH 05/18] fix install script mkdir gives error if /tmp already exists, which it probably does --- src/scripts/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/scripts/install.sh b/src/scripts/install.sh index 4feb7a0..7ee93c3 100644 --- a/src/scripts/install.sh 
+++ b/src/scripts/install.sh @@ -1,7 +1,7 @@ Install() { echo Hello "${PARAM_VERSION}" curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v"${PARAM_VERSION}" - mkdir /tmp + mkdir -p /tmp curl https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/junit.tpl -o /tmp/junit.tpl } From cdc801ae4b416a630ba07e28d569baf60fbc9182 Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 12:42:39 -0700 Subject: [PATCH 06/18] mock params --- src/tests/install.bats | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/tests/install.bats b/src/tests/install.bats index eea46db..24ae4a2 100644 --- a/src/tests/install.bats +++ b/src/tests/install.bats @@ -5,6 +5,8 @@ setup() { } @test '1: Installs correctly' { + # mock params + export PARAM_VERSION=0.19.2 # Capture the output of our "Greet" function result=$(Install) trivy -h From ad7117f9ef663ab62c00c2c0643f85b1fb4721a6 Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 15:45:52 -0700 Subject: [PATCH 07/18] fix trivy install --- src/commands/run.yml | 5 +++++ src/jobs/run.yml | 4 ++++ src/scripts/install.sh | 2 +- src/tests/install.bats | 1 + 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/commands/run.yml b/src/commands/run.yml index ab26f86..db7c3af 100755 --- a/src/commands/run.yml +++ b/src/commands/run.yml @@ -5,6 +5,10 @@ parameters: type: string default: "0.19.2" description: "Version of trivy to download" + install_location: + type: string + default: ./bin + descrption: "Where to install Trivy" args: type: string default: "-h" @@ -13,6 +17,7 @@ steps: - run: environment: PARAM_VERSION: <> + PARAM_BINDIR: <> name: Install Trivy command: <> - run: diff --git a/src/jobs/run.yml b/src/jobs/run.yml index 0b731d0..8cfeaf8 100755 --- a/src/jobs/run.yml +++ b/src/jobs/run.yml 
@@ -10,6 +10,10 @@ parameters: type: string default: "0.19.2" description: "Version of trivy to download" + install_location: + type: string + default: ./bin + descrption: "Where to install Trivy" args: type: string default: "-h" diff --git a/src/scripts/install.sh b/src/scripts/install.sh index 7ee93c3..823fe49 100644 --- a/src/scripts/install.sh +++ b/src/scripts/install.sh @@ -1,6 +1,6 @@ Install() { echo Hello "${PARAM_VERSION}" - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v"${PARAM_VERSION}" + curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b "${PARAM_BINDIR}" v"${PARAM_VERSION}" mkdir -p /tmp curl https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/junit.tpl -o /tmp/junit.tpl } diff --git a/src/tests/install.bats b/src/tests/install.bats index 24ae4a2..ebd79e7 100644 --- a/src/tests/install.bats +++ b/src/tests/install.bats @@ -7,6 +7,7 @@ setup() { @test '1: Installs correctly' { # mock params export PARAM_VERSION=0.19.2 + export PARAM_BINDIR=./bin # Capture the output of our "Greet" function result=$(Install) trivy -h From 276f9cfce4d43a331937f0c01f4eb1e84d078999 Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 15:53:20 -0700 Subject: [PATCH 08/18] fix trivy install --- src/commands/run.yml | 4 ++-- src/jobs/run.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/commands/run.yml b/src/commands/run.yml index db7c3af..1db052f 100755 --- a/src/commands/run.yml +++ b/src/commands/run.yml @@ -7,7 +7,7 @@ parameters: description: "Version of trivy to download" install_location: type: string - default: ./bin + default: . descrption: "Where to install Trivy" args: type: string @@ -22,4 +22,4 @@ steps: command: <> - run: name: Run Trivy - command: trivy <> + command: ./trivy <> diff --git a/src/jobs/run.yml b/src/jobs/run.yml index 8cfeaf8..cbd5a48 100755 --- a/src/jobs/run.yml 
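Review bot: `install_location` is declared as a job parameter in the `src/jobs/run.yml` hunk, but nothing forwards it to the command: the job's `steps` block (outside this hunk; visible in the patch 11 hunk) passes only `version` and `args`, so setting it on the job has no effect. Add `install_location: << parameters.install_location >>` under the step that invokes the command. The `src/commands/run.yml` hunk of patch 08 on this same line has the mirror problem: `command: ./trivy <>` hardcodes the current directory although the binary is installed into the parameter's value, so any caller who overrides `install_location` gets `./trivy: not found`; use `command: << parameters.install_location >>/trivy << parameters.args >>`. Both points carry over unchanged after the rename to `scan` in patch 11.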
+++ b/src/jobs/run.yml @@ -12,7 +12,7 @@ parameters: description: "Version of trivy to download" install_location: type: string - default: ./bin + default: . descrption: "Where to install Trivy" args: type: string From ca5edbc918e231ecfc812adb0f18a4230d26dbbf Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 15:54:58 -0700 Subject: [PATCH 09/18] fix typo --- src/commands/run.yml | 2 +- src/jobs/run.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/commands/run.yml b/src/commands/run.yml index 1db052f..5cd0183 100755 --- a/src/commands/run.yml +++ b/src/commands/run.yml @@ -8,7 +8,7 @@ parameters: install_location: type: string default: . - descrption: "Where to install Trivy" + description: "Where to install Trivy" args: type: string default: "-h" diff --git a/src/jobs/run.yml b/src/jobs/run.yml index cbd5a48..a0bf59c 100755 --- a/src/jobs/run.yml +++ b/src/jobs/run.yml @@ -13,7 +13,7 @@ parameters: install_location: type: string default: . - descrption: "Where to install Trivy" + description: "Where to install Trivy" args: type: string default: "-h" From a41b6e2459f573c41f9166ffc8798f81f9b71fcd Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 15:56:01 -0700 Subject: [PATCH 10/18] fix type --- src/executors/default.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/executors/default.yml b/src/executors/default.yml index 4df45a2..ad80b1e 100755 --- a/src/executors/default.yml +++ b/src/executors/default.yml @@ -4,7 +4,7 @@ docker: - image: 'cimg/base:<>' parameters: tag: - default: 2021.07 + default: "2021.07" description: > Tag for 'cimg/base' docker container type: string From 1829010c501271d05ffb4e8a0eb95b858ab1d08e Mon Sep 17 00:00:00 2001 
From: caleb15 Date: Thu, 2 Sep 2021 16:01:56 -0700 Subject: [PATCH 11/18] rename to avoid name collision with run --- src/commands/{run.yml => scan.yml} | 0 src/jobs/{run.yml => scan.yml} | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename src/commands/{run.yml => scan.yml} (100%) rename src/jobs/{run.yml => scan.yml} (98%) diff --git a/src/commands/run.yml b/src/commands/scan.yml similarity index 100% rename from src/commands/run.yml rename to src/commands/scan.yml diff --git a/src/jobs/run.yml b/src/jobs/scan.yml similarity index 98% rename from src/jobs/run.yml rename to src/jobs/scan.yml index a0bf59c..8209a57 100755 --- a/src/jobs/run.yml +++ b/src/jobs/scan.yml @@ -19,6 +19,6 @@ parameters: default: "-h" description: "Arguments to pass into trivy. See https://aquasecurity.github.io/trivy/v0.19.2/getting-started/cli." steps: - - run: + - scan: version: << parameters.version >> args: << parameters.args >> From 63a4b1c6714e44559f24fde887335bc3b5aa386d Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 16:04:35 -0700 Subject: [PATCH 12/18] fix test --- src/tests/install.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/install.bats b/src/tests/install.bats index ebd79e7..05f00b9 100644 --- a/src/tests/install.bats +++ b/src/tests/install.bats @@ -7,8 +7,8 @@ setup() { @test '1: Installs correctly' { # mock params export PARAM_VERSION=0.19.2 - export PARAM_BINDIR=./bin + export PARAM_BINDIR=. # Capture the output of our "Greet" function result=$(Install) - trivy -h + ./trivy -h } \ No newline at end of file From 58dc6378efd49b6864fa60ab4ca8ae1fbe1f9a43 Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 16:09:08 -0700 Subject: [PATCH 13/18] rename command [skip ci] --- src/examples/example.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/examples/example.yml b/src/examples/example.yml index 113a046..a82c6c9 100755 --- a/src/examples/example.yml 
+++ b/src/examples/example.yml @@ -6,9 +6,9 @@ description: > usage: version: 2.1 orbs: - trivy: fifteen5/trivy@1.2.3 + trivy: fifteen5/trivy@1.0.0 workflows: use-my-orb: jobs: - - trivy/run: + - trivy/scan: args: --no-progress --exit-code 1 image busybox From ec08cb4eb1334ba136422c7ec0cf3359134c1b8a Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 16:09:49 -0700 Subject: [PATCH 14/18] rename command [skip ci] --- src/jobs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/jobs/README.md b/src/jobs/README.md index 98a5a0d..336ab40 100644 --- a/src/jobs/README.md +++ b/src/jobs/README.md @@ -20,7 +20,7 @@ parameters: default: "Hello" description: "Select a proper greeting" steps: - - run: + - scan: greeting: << parameters.greeting >> ``` From f6b8bf16b1257d45c41721debfde0787116712f2 Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 16:11:06 -0700 Subject: [PATCH 15/18] update install message --- src/scripts/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/scripts/install.sh b/src/scripts/install.sh index 823fe49..5460454 100644 --- a/src/scripts/install.sh +++ b/src/scripts/install.sh @@ -1,5 +1,5 @@ Install() { - echo Hello "${PARAM_VERSION}" + echo Installing Trivy v"${PARAM_VERSION}" to "${PARAM_BINDIR}" curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b "${PARAM_BINDIR}" v"${PARAM_VERSION}" mkdir -p /tmp curl https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/junit.tpl -o /tmp/junit.tpl From c2968390cc847aa42b8f18073f85339a4100e18e Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 16:11:42 -0700 Subject: [PATCH 16/18] more stuff [skip ci] --- src/tests/install.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/install.bats b/src/tests/install.bats index 05f00b9..bdc1c5b 100644 --- a/src/tests/install.bats +++ b/src/tests/install.bats 
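Review bot: The example declares the orb as `fifteen5/trivy@1.0.0`, but everywhere else in this series the orb is `fifteen5/trivy-orb` (the README badge and registry links, and the `trivy-orb: fifteen5/trivy-orb@…` entry in `.circleci/config.yml`), so a user who copies the example gets an unresolvable orb reference. Change it to `trivy: fifteen5/trivy-orb@1.0.0`. A one-line comment above `args` saying that the scan target (`image busybox`) goes after the flags would also help, since the command splices the whole string into the shell line unquoted and the ordering is not obvious from the parameter name.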
@@ -8,7 +8,7 @@ setup() { # mock params export PARAM_VERSION=0.19.2 export PARAM_BINDIR=. - # Capture the output of our "Greet" function + # Capture the output of our "Install" function result=$(Install) ./trivy -h } \ No newline at end of file From 25ef3f6c2db1cd4131c5d40909e00a6fe07cb177 Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 16:14:41 -0700 Subject: [PATCH 17/18] fix command name --- .circleci/config.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 53d58a8..cd6b979 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,7 +1,6 @@ version: 2.1 orbs: - # Replace this with your own! trivy-orb: fifteen5/trivy-orb@<> orb-tools: circleci/orb-tools@10.0 bats: circleci/bats@1.0 @@ -32,7 +31,7 @@ jobs: # "greet" is a sample command packaged with this orb config. # This sample integration test will greet as long as the run command exists. Once you remove the run command you should remove this line. # Push new changes first, before adding new tests to your config. - - trivy-orb/greet + - trivy-orb/scan workflows: # Prior to producing a development orb (which requires credentials) basic validation, linting, and even unit testing can be performed. From cf89b17d6bf3227de19c27b765c4054cf1be63aa Mon Sep 17 00:00:00 2001 From: caleb15 Date: Thu, 2 Sep 2021 16:20:46 -0700 Subject: [PATCH 18/18] add junit run --- src/jobs/junit_run.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 src/jobs/junit_run.yml diff --git a/src/jobs/junit_run.yml b/src/jobs/junit_run.yml new file mode 100644 index 0000000..ae2d24c --- /dev/null +++ b/src/jobs/junit_run.yml 
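Review bot: In the `.circleci/config.yml` hunk at `@@ -32,7 +31,7 @@`, the step becomes `trivy-orb/scan`, but the two comment lines above it still say `"greet" is a sample command` and `as long as the run command exists`, describing commands that no longer exist. Replace them with `# "scan" is the command packaged with this orb.` and `# This integration test runs as long as the scan command exists; remove this line if you remove that command.`. Because the step uses the command's default `args: -h`, the integration test only proves the binary was downloaded and executes, not that a scan succeeds; passing a real target here, as the example does, would exercise the path users actually rely on.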
@@ -0,0 +1,26 @@
+# Thanks to https://circleci.com/developer/orbs/orb/signavio/trivy
+description: "Run Trivy with JUnit test results"
+parameters:
+ version:
+ type: string
+ default: "0.19.2"
+ description: "Version of trivy to download"
+ install_location:
+ type: string
+ default: .
+ description: "Where to install Trivy"
+ args:
+ type: string
+ default: "-h"
+ description: "Arguments to pass into trivy. See https://aquasecurity.github.io/trivy/v0.19.2/getting-started/cli. Note that several args are already specified (see source)"
+ output-folder-path:
+ description: Output folder path.
+ type: string
+ default: 'trivy-scan-results'
+steps:
+ - scan:
+ args: --no-progress=true --exit-code=1 --format=template --template='@junit.tpl' --output=<>/junit.xml <>
+ - store_test_results:
+ path: <>
+ - store_artifacts:
+ path: <>
\ No newline at end of file
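Review bot: `--template='@junit.tpl'` points at a file in the working directory, but the install script saves the template to `/tmp/junit.tpl`, so as written the scan step has nothing to load; use `--template='@/tmp/junit.tpl'` or have the install step write the template into the checkout. With `--exit-code=1` a finding fails the `scan` step, and the `store_test_results` and `store_artifacts` steps after it are then skipped, so the JUnit report is lost exactly when it has something to say — run the scan with a zero exit code into the report, store it, and fail in a subsequent step based on the result. The `<< parameters.output-folder-path >>` directory is never created, and I do not believe trivy creates parent directories for `--output`, so a `mkdir -p` before the scan would avoid a spurious failure. Finally, `args` defaults to `-h` here as in the plain `scan` job, which means the job's default invocation writes help text into the JUnit report rather than scanning anything; a required target or an empty default would make misuse visible.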