adds a lint:trivy command to mage #1447

Merged
merged 1 commit into from
Jul 18, 2023

vroldanbet
Contributor

I haven't added it as part of the lint:all
command since it takes a bit to run

I've also added a new alias "scan" which
runs security scanning tools

@vroldanbet vroldanbet requested a review from a team as a code owner July 18, 2023 10:38
@vroldanbet vroldanbet requested a review from ecordell July 18, 2023 10:39
@vroldanbet vroldanbet self-assigned this Jul 18, 2023
func (l Lint) Trivy() error {
mg.Deps(Build{}.Testimage)
fmt.Println("running Trivy container scan")
return sh.RunV("docker", "run", "-v", "/var/run/docker.sock:/var/run/docker.sock", "aquasec/trivy:latest", "image", "--format", "table", "--exit-code", "1", "--ignore-unfixed", "--vuln-type", "os,library", "--no-progress", "--severity", "CRITICAL,HIGH,MEDIUM", "authzed/spicedb:ci")
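
Review bot: The `sh.RunV` call runs `aquasec/trivy:latest` with `/var/run/docker.sock` bind-mounted, so each invocation executes whatever image currently carries the `latest` tag and hands it access to the host's Docker daemon. Pin the scanner image to a specific version tag or digest so the scan is reproducible and a change to the upstream tag cannot reach the socket unnoticed. Since `--exit-code 1` combined with `--severity CRITICAL,HIGH,MEDIUM` fails the target on any fixable finding at those levels, a pinned scanner version also keeps the pass/fail result from shifting between runs for reasons unrelated to the `authzed/spicedb:ci` image.
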
Contributor

Since trivy is a go project, I think we could manage it as a tool and just run with go run github.com/aquasecurity/trivy/cmd/trivy/main.go?

Contributor

Ah I guess we haven't made these magefiles a separate go module yet like we have in some other projects. This LGTM then and we can revisit later.

@vroldanbet vroldanbet merged commit e2bfef4 into main Jul 18, 2023
19 checks passed
@vroldanbet vroldanbet deleted the add-trivy-to-mage branch July 18, 2023 15:44
@github-actions github-actions bot locked and limited conversation to collaborators Jul 18, 2023