Update secgen.yaml

Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl>
This commit is contained in:
Kjeld Schouten-Lebbing
2022-12-24 17:40:48 +01:00
committed by GitHub
parent 99ce9248b1
commit 7d71cbe1f6

View File

@@ -92,10 +92,14 @@ jobs:
echo "##### Scan Results" >> website/docs/charts/${train}/${chartname}/container-security.md
echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
for container in $(cat ${chart}/render/containers.tmp | sort | uniq); do
echo "**Container: ${container}**" >> website/docs/charts/${train}/${chartname}/container-security.md
echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
trivy image --security-checks vuln -f template --template "@./templates/trivy-container.tpl" ${container} >> website/docs/charts/${train}/${chartname}/container-security.md || echo "trivy container scan failed..."
echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
if [[ "$container" == *"ghcr.io/truecharts/alpine"* || "$container" == *"ghcr.io/truecharts/ubuntu"* || "$container" == *"ghcr.io/truecharts/kubectl"* ]]; then
echo "Skipping ${container}, as it's a shared common container..."
else
echo "**Container: ${container}**" >> website/docs/charts/${train}/${chartname}/container-security.md
echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
trivy image --security-checks vuln -f template --template "@./templates/trivy-container.tpl" ${container} >> website/docs/charts/${train}/${chartname}/container-security.md || echo "trivy container scan failed..."
echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
fi
done
}
cleanfiles() {