container
/
kube-tools
1
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

switch to trivy config files
ci/woodpecker/pr/build-package Pipeline was successful Details
ci/woodpecker/pr/build-container Pipeline was successful Details
ci/woodpecker/pr/docs Pipeline was successful Details

This commit is contained in:
Robert Kaussow 2023-12-14 09:35:47 +01:00
parent cca86a86fb
commit 274ccaa90d
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
4 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.woodpecker/build-container.yml
View File

@ -24,7 +24,6 @@ steps:
TRIVY_NO_PROGRESS: "true"
TRIVY_SEVERITY: HIGH,CRITICAL
TRIVY_TIMEOUT: 1m
TRIVY_SKIP_FILES: /usr/local/bin/gomplate,/usr/local/bin/helm,/usr/local/bin/polaris,/usr/local/bin/yq
publish-dockerhub:
group: container

3
Containerfile.multiarch
View File

@ -59,7 +59,8 @@ RUN apk --update add curl tar bash python3 pipx findutils git && \
chmod 755 /usr/local/bin/kustomize && \
chmod 755 /usr/local/bin/kubeconform && \
rm -rf /var/cache/apk/* && \
rm -rf /tmp/*
rm -rf /tmp/* && \
rm -rf /root/.cache/
ADD overlay/ /

4
trivy-secret.yaml Normal file
View File

@ -0,0 +1,4 @@
---
allow-rules:
- id: aws-secret-access-key
path: .*/flux-local/.*/site-packages/GitPython-.*\.dist-info/METADATA

7
trivy.yaml Normal file
View File

@ -0,0 +1,7 @@
---
scan:
skip-files:
- /usr/local/bin/gomplate
- /usr/local/bin/helm
- /usr/local/bin/polaris
- /usr/local/bin/yq