Bugfix/trivy reporting (#467)

nwang92 · web-flow · commit 421bd7a57af0 · 2021-03-04T14:07:02.000-08:00
* Adding trivy XML reporting

* Adding trivyignore and exit codes
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -83,10 +83,13 @@ jobs:
       - run:
           name: Scan images
           command: |
+            mkdir -p trivy-results
             for image in ./workspace_cache/*.tar; do
               [ -e "$image" ] || continue
-              ./trivy image --exit-code 0 --ignore-unfixed --severity "HIGH,CRITICAL" --no-progress -i "$image"
+              ./trivy image --exit-code 1 --format template --template "@contrib/junit.tpl" -o trivy-results/`basename $image`.xml --ignore-unfixed --severity "HIGH,CRITICAL" --no-progress -i "$image"
             done
+      - store_test_results:
+          path: trivy-results
 
   scan_images_anchore:
     executor: anchore/anchore_engine
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,4 @@
+# Both of these are coming from this file, but it's not actually installed in the container
+# /usr/lib/python3.7/site-packages/ansible_collections/netbox/netbox/poetry.lock
+CVE-2020-36242
+CVE-2020-14343
