From 786cd19a227a20b352b0764c9546c35fa5249ce8 Mon Sep 17 00:00:00 2001
From: Christian Segundo
Date: Sat, 30 Dec 2023 05:28:03 +0100
Subject: add tasks

---
 tasks/trivy-image/task.yml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 tasks/trivy-image/task.yml

(limited to 'tasks/trivy-image/task.yml')

diff --git a/tasks/trivy-image/task.yml b/tasks/trivy-image/task.yml
new file mode 100644
index 0000000..59940a9
--- /dev/null
+++ b/tasks/trivy-image/task.yml
@@ -0,0 +1,28 @@
+---
+platform: linux
+image_resource:
+  type: registry-image
+  source: {repository: docker.io/aquasec/trivy}
+
+inputs:
+  - name: docker-repo
+  - name: image
+
+run:
+  path: ash
+  args:
+    - -euo
+    - pipefail
+    - -c
+    - |
+      trivy image \
+        --ignore-unfixed \
+        --severity HIGH,CRITICAL \
+        --exit-code ${EXIT_CODE} \
+        --ignorefile "${TRIVY_IGNORE}" \
+        --input "${INPUT_TAR}"
+
+params:
+  TRIVY_IGNORE: docker-repo/.trivyignore
+  INPUT_TAR: image/image.tar
+  EXIT_CODE: 1
-- 
cgit v1.2.3