add tasks

author: Christian Segundo 2023-12-30 05:28:03 +0100
committer: Christian Segundo 2023-12-31 00:20:01 +0100
commit: 786cd19a227a20b352b0764c9546c35fa5249ce8 (patch)
tree: 2613c346a3ed97cc399656d6e3d27ac906738e46 /tasks/trivy-image
parent: 2f0253c36f80b8f11e3294d184a5e73d0fec76a4 (diff)
download: concourse-786cd19a227a20b352b0764c9546c35fa5249ce8.tar.gz
1 files changed, 28 insertions, 0 deletions
diff --git a/tasks/trivy-image/task.yml b/tasks/trivy-image/task.yml
new file mode 100644
index 0000000..59940a9
--- /dev/null
+++ b/tasks/trivy-image/task.yml
@@ -0,0 +1,28 @@
+---
+platform: linux
+image_resource:
+  type: registry-image
+  source: {repository: docker.io/aquasec/trivy}
+
+inputs:
+  - name: docker-repo
+  - name: image
+
+run:
+  path: ash
+  args:
+    - -euo
+    - pipefail
+    - -c
+    - |
+      trivy image \
+        --ignore-unfixed \
+        --severity HIGH,CRITICAL \
+        --exit-code ${EXIT_CODE} \
+        --ignorefile "${TRIVY_IGNORE}" \
+        --input "${INPUT_TAR}"
+
+params:
+  TRIVY_IGNORE: docker-repo/.trivyignore
+  INPUT_TAR: image/image.tar
+  EXIT_CODE: 1
author	Christian Segundo	2023-12-30 05:28:03 +0100
committer	Christian Segundo	2023-12-31 00:20:01 +0100
commit	786cd19a227a20b352b0764c9546c35fa5249ce8 (patch)
tree	2613c346a3ed97cc399656d6e3d27ac906738e46 /tasks/trivy-image
parent	2f0253c36f80b8f11e3294d184a5e73d0fec76a4 (diff)
download	concourse-786cd19a227a20b352b0764c9546c35fa5249ce8.tar.gz