5 changes: 2 additions & 3 deletions .circleci/config.yml
@@ -1,7 +1,6 @@
version: 2.1

orbs:
# Replace this with your own!
trivy-orb: fifteen5/trivy-orb@<<pipeline.parameters.dev-orb-version>>
orb-tools: circleci/orb-tools@10.0
bats: circleci/bats@1.0
Expand Down Expand Up @@ -30,9 +29,9 @@ jobs:
steps:
- checkout
# "greet" is a sample command packaged with this orb config.
# This sample integration test will run as long as the greet command exists. Once you remove the greet command you should remove this line.
# This sample integration test will greet as long as the run command exists. Once you remove the run command you should remove this line.
# Push new changes first, before adding new tests to your config.
- trivy-orb/greet
- trivy-orb/scan

workflows:
# Prior to producing a development orb (which requires credentials) basic validation, linting, and even unit testing can be performed.
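Review bot: The added comment above the step in `steps:` ("This sample integration test will greet as long as the run command exists") reads like a greet/run search and replace gone wrong, and the line before it still describes `greet` although the step is now `trivy-orb/scan`. Replace both with one line saying what this integration test checks. Also, `trivy-orb/scan` is called without `args`, and the command's default in src/commands/scan.yml is `-h`, so this job only proves that Trivy installs and prints help; pass a real target, such as the `image busybox` arguments used in src/examples/example.yml, so the test exercises a scan.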
6 changes: 5 additions & 1 deletion .gitignore
@@ -1,2 +1,6 @@
# orb.yml is "packed" from source, and not published directly from the repository.
orb.yml
orb.yml

# personal vscode files
*.code-workspace
personal
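Review bot: The new `personal` entry is unanchored, so it ignores any file or directory named `personal` at every depth of the repository, including under `src/`. If it is meant for one scratch directory at the top level, write it as `/personal/`. Editor files such as `*.code-workspace` are better kept in each contributor's global gitignore than in the project's.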
19 changes: 4 additions & 15 deletions README.md
@@ -1,19 +1,10 @@
# Orb Project Template
# Trivy orb

[![CircleCI Build Status](https://circleci.com/gh/15five/trivy-orb.svg?style=shield "CircleCI Build Status")](https://circleci.com/gh/15five/trivy-orb) [![CircleCI Orb Version](https://badges.circleci.com/orbs/fifteen5/trivy-orb.svg)](https://circleci.com/orbs/registry/orb/fifteen5/trivy-orb) [![GitHub License](https://img.shields.io/badge/license-MIT-lightgrey.svg)](https://raw.githubusercontent.com/15five/trivy-orb/master/LICENSE) [![CircleCI Community](https://img.shields.io/badge/community-CircleCI%20Discuss-343434.svg)](https://discuss.circleci.com/c/ecosystem/orbs)
[![CircleCI Build Status](https://circleci.com/gh/15five/trivy-orb.svg?style=shield "CircleCI Build Status")](https://circleci.com/gh/15five/trivy-orb) [![CircleCI Orb Version](https://badges.circleci.com/orbs/fifteen5/trivy-orb.svg)](https://circleci.com/orbs/registry/orb/fifteen5/trivy-orb) [![GitHub License](https://img.shields.io/badge/license-MIT-lightgrey.svg)](https://raw.githubusercontent.com/15five/trivy-orb/master/LICENSE)

A [Circleci](https://circleci.com) orb for running [Trivy](https://github.com/aquasecurity/trivy), a vulnerability scanner for docker images and more.


A starter template for orb projects. Build, test, and publish orbs automatically on CircleCI with [Orb-Tools](https://circleci.com/orbs/registry/orb/circleci/orb-tools).

Additional READMEs are available in each directory.



## Resources

[CircleCI Orb Registry Page](https://circleci.com/orbs/registry/orb/fifteen5/trivy-orb) - The official registry page of this orb for all versions, executors, commands, and jobs described.
[CircleCI Orb Docs](https://circleci.com/docs/2.0/orb-intro/#section=configuration) - Docs for using and creating CircleCI Orbs.
The orb can be found here: [CircleCI Orb Registry Page](https://circleci.com/orbs/registry/orb/fifteen5/trivy-orb)

### How to Contribute

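Review bot: The new description line writes "Circleci" and "docker" where the rest of the file uses "CircleCI"; use "CircleCI" and "Docker". With the template text and the Resources section removed, the README no longer says which jobs and commands the orb provides; a short usage section naming `scan` and `junit_run` and their `args` parameter would cover that.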
Expand All @@ -37,5 +28,3 @@ Example: `[semver:major]`
* On merge, after manual approval, the orb will automatically be published to the Orb Registry.


For further questions/comments about this or other orbs, visit the Orb Category of [CircleCI Discuss](https://discuss.circleci.com/c/orbs).

5 changes: 2 additions & 3 deletions src/@orb.yml
@@ -1,14 +1,13 @@
version: 2.1

description: >
Sample orb description
Orb for running Trivy, a security scanner
# What will your orb allow users to accomplish?
# Descriptions should be short, simple, and informative.

# This information will be displayed in the orb registry and is not mandatory.
display:
home_url: "https://www.website.com/docs"
source_url: "https://www.github.com/EXAMPLE_ORG/EXAMPLE_PROJECT"
source_url: "https://github.com/15five/trivy-orb"

# If your orb requires other orbs, you can import them like this. Otherwise remove the "orbs" stanza.
# orbs:
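Review bot: `home_url` under `display:` is still the template placeholder `https://www.website.com/docs`, and it is displayed in the registry next to the corrected `source_url`. Point it at the project's documentation or remove the key, and drop the template prompts ("What will your orb allow users to accomplish?") now that the description is filled in.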
4 changes: 2 additions & 2 deletions src/commands/README.md
Expand Up @@ -4,7 +4,7 @@ Easily add and author [Reusable Commands](https://circleci.com/docs/2.0/reusing-

Each _YAML_ file within this directory will be treated as an orb command, with a name which matches its filename.

View the included _[greet.yml](./greet.yml)_ example.
For example:

```yaml
description: >
Expand All @@ -17,7 +17,7 @@ parameters:
default: "Hello"
description: "Select a proper greeting"
steps:
- run:
- greeting:
name: Hello World
command: echo << parameters.greeting >> world
```
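Review bot: In the example's `steps:` list, `- run:` has become `- greeting:`, which is not a step type; `greeting` is the parameter declared just above it, so the sample command no longer works as written. This looks like a stray rename; restore `- run:`. Since greet.yml is deleted in this PR, consider making the example a trimmed copy of scan.yml instead of the greeting sample.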
15 changes: 0 additions & 15 deletions src/commands/greet.yml

This file was deleted.

25 changes: 25 additions & 0 deletions src/commands/scan.yml
@@ -0,0 +1,25 @@
description: >
This command runs Trivy.
parameters:
version:
type: string
default: "0.19.2"
description: "Version of trivy to download"
install_location:
type: string
default: .
description: "Where to install Trivy"
args:
type: string
default: "-h"
description: "Arguments to pass into trivy. See https://aquasecurity.github.io/trivy/v0.19.2/getting-started/cli."
steps:
- run:
environment:
PARAM_VERSION: <<parameters.version>>
PARAM_BINDIR: <<parameters.install_location>>
name: Install Trivy
command: <<include(scripts/install.sh)>>
- run:
name: Run Trivy
command: ./trivy <<parameters.args>>
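Review bot: The Run Trivy step hardcodes `./trivy`, so any `install_location` other than the default `.` installs the binary in one place and runs it from another. Run it from the same path, e.g. `<<parameters.install_location>>/trivy`. Two smaller points: `<<parameters.args>>` is substituted straight into the command text, whereas `version` and `install_location` go through `environment:`; passing `args` the same way keeps the caller's string out of the script source. And with a default of `-h`, a caller who forgets `args` gets a passing step that scanned nothing, so consider giving `args` no default.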
5 changes: 3 additions & 2 deletions src/examples/example.yml
Expand Up @@ -6,8 +6,9 @@ description: >
usage:
version: 2.1
orbs:
<orb-name>: <namespace>/<orb-name>@1.2.3
trivy: fifteen5/trivy@1.0.0
workflows:
use-my-orb:
jobs:
- <orb-name>/<job-name>
- trivy/scan:
args: --no-progress --exit-code 1 image busybox
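Review bot: The `orbs:` entry imports `fifteen5/trivy@1.0.0`, but everywhere else in this PR (the README badges and registry link, .circleci/config.yml) the orb is `fifteen5/trivy-orb`. Anyone copying this usage example would reference a different orb name; use `fifteen5/trivy-orb` here, with whichever version is actually published.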
9 changes: 4 additions & 5 deletions src/executors/default.yml
@@ -1,11 +1,10 @@
description: >
This is a sample executor using Docker and Node.
Executor for trivy
docker:
- image: 'cimg/node:<<parameters.tag>>'
- image: 'cimg/base:<<parameters.tag>>'
parameters:
tag:
default: lts
default: "2021.07"
description: >
Pick a specific circleci/node image variant:
https://hub.docker.com/r/cimg/node/tags
Tag for 'cimg/base' docker container
type: string
4 changes: 2 additions & 2 deletions src/jobs/README.md
Expand Up @@ -6,7 +6,7 @@ Each _YAML_ file within this directory will be treated as an orb job, with a nam

Jobs may invoke orb commands and other steps to fully automate tasks with minimal user configuration.

View the included _[hello.yml](./hello.yml)_ example.
For example:


```yaml
Expand All @@ -20,7 +20,7 @@ parameters:
default: "Hello"
description: "Select a proper greeting"
steps:
- greet:
- scan:
greeting: << parameters.greeting >>
```

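Review bot: The example step `- scan:` is passed `greeting: << parameters.greeting >>`, but the `scan` command added in this PR declares only `version`, `install_location` and `args`, so the sample passes a parameter the command does not accept. Either keep the generic greeting example intact or rewrite it around `scan` with an `args` value.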
15 changes: 0 additions & 15 deletions src/jobs/hello.yml

This file was deleted.

26 changes: 26 additions & 0 deletions src/jobs/junit_run.yml
@@ -0,0 +1,26 @@
# Thanks to https://circleci.com/developer/orbs/orb/signavio/trivy
description: "Run Trivy with JUnit test results"
parameters:
version:
type: string
default: "0.19.2"
description: "Version of trivy to download"
install_location:
type: string
default: .
description: "Where to install Trivy"
args:
type: string
default: "-h"
description: "Arguments to pass into trivy. See https://aquasecurity.github.io/trivy/v0.19.2/getting-started/cli. Note that several args are already specified (see source)"
output-folder-path:
description: Output folder path.
type: string
default: 'trivy-scan-results'
steps:
- scan:
args: --no-progress=true --exit-code=1 --format=template --template='@junit.tpl' --output=<<parameters.output-folder-path>>/junit.xml <<parameters.args>>
- store_test_results:
path: <<parameters.output-folder-path>>
- store_artifacts:
path: <<parameters.output-folder-path>>
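Review bot: The `scan` step passes `--template='@junit.tpl'`, a path relative to the working directory, while src/scripts/install.sh saves the template to `/tmp/junit.tpl`, so the two do not line up; use `@/tmp/junit.tpl` here or download the template next to the binary. Other points in this job: it declares `version` and `install_location` but forwards neither to `scan`; it has no `executor:` while src/jobs/scan.yml sets `executor: default`; and nothing visible creates `<<parameters.output-folder-path>>` before Trivy is asked to write `junit.xml` into it, so add a `mkdir -p` step first.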
24 changes: 24 additions & 0 deletions src/jobs/scan.yml
@@ -0,0 +1,24 @@
description: >
Runs Trivy
# What will this job do?
# Descriptions should be short, simple, and clear.

executor: default

parameters:
version:
type: string
default: "0.19.2"
description: "Version of trivy to download"
install_location:
type: string
default: .
description: "Where to install Trivy"
args:
type: string
default: "-h"
description: "Arguments to pass into trivy. See https://aquasecurity.github.io/trivy/v0.19.2/getting-started/cli."
steps:
- scan:
version: << parameters.version >>
args: << parameters.args >>
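Review bot: `install_location` is declared as a job parameter, but the `scan` step forwards only `version` and `args`, so setting it on the job has no effect. Pass `install_location: << parameters.install_location >>` or drop the parameter. The template prompts under `description:` ("What will this job do?") can be removed as well.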
10 changes: 0 additions & 10 deletions src/scripts/greet.sh

This file was deleted.

13 changes: 13 additions & 0 deletions src/scripts/install.sh
@@ -0,0 +1,13 @@
Install() {
echo Installing Trivy v"${PARAM_VERSION}" to "${PARAM_BINDIR}"
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b "${PARAM_BINDIR}" v"${PARAM_VERSION}"
mkdir -p /tmp
curl https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/junit.tpl -o /tmp/junit.tpl
}

# Will not run if sourced for bats-core tests.
# View src/tests for more information.
ORB_TEST_ENV="bats-core"
if [ "${0#*$ORB_TEST_ENV}" == "$0" ]; then
Install
fi
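Review bot: Both downloads in `Install` come from the mutable `main` branch: the installer script is piped straight into `sh`, and `junit.tpl` is fetched from `main` even though the binary is pinned to `v${PARAM_VERSION}`. Fetch both from the release tag (or a commit SHA) that matches `PARAM_VERSION`, and verify the installer against a known checksum before running it, so that an upstream change cannot alter what executes in the CI job. The second `curl` also lacks `-f`, so an HTTP error body would be saved as `/tmp/junit.tpl` and the step would still pass; use `curl -sfL` as on the line above. Minor: `mkdir -p /tmp` should be unnecessary, and `==` inside `[ ]` is a bashism, so use `=` if the script may run under plain `sh`.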
13 changes: 0 additions & 13 deletions src/tests/greet.bats

This file was deleted.

14 changes: 14 additions & 0 deletions src/tests/install.bats
@@ -0,0 +1,14 @@
# Runs prior to every test
setup() {
# Load our script file.
source ./src/scripts/install.sh
}

@test '1: Installs correctly' {
# mock params
export PARAM_VERSION=0.19.2
export PARAM_BINDIR=.
# Capture the output of our "Install" function
result=$(Install)
./trivy -h
}
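Review bot: The test captures `result=$(Install)` but never asserts on it, and the only check is that `./trivy -h` exits zero, so a failed `junit.tpl` download would go unnoticed. Assert that `/tmp/junit.tpl` exists and is non-empty, and either check `result` or drop the capture. The test also downloads from the network and leaves `./trivy` in the repository root; pointing `PARAM_BINDIR` at a temporary directory would keep runs isolated.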