Relaxing security vulnerability checks just a bit during the build phase.

James Wells 2021-05-22 09:09:45 -07:00
parent 3422c03391
commit 4350db2135
Signed by: jwells
GPG key ID: 73196D10B8E65666

@ -52,10 +52,10 @@ steps:
- docker buildx build --platform linux/amd64 --progress plain -t ${DRONE_REPO}:${DRONE_COMMIT} -f docker/Dockerfile .
### Run a security check and warn us about lower level vulnerabilities
- trivy image --skip-update --exit-code 0 --severity UNKNOWN,LOW,MEDIUM ${DRONE_REPO}:${DRONE_COMMIT}
- trivy image --skip-update --exit-code 0 --severity UNKNOWN,LOW,MEDIUM,HIGH ${DRONE_REPO}:${DRONE_COMMIT}
### Re-run the scan, but this time looking for higher level vulnerabilities that we want to block for.
- trivy image --skip-update --exit-code 1 --severity CRITICAL,HIGH ${DRONE_REPO}:${DRONE_COMMIT}
### Re-run the scan, but this time looking for critical vulnerabilities that we want to block for.
- trivy image --skip-update --exit-code 1 --severity CRITICAL ${DRONE_REPO}:${DRONE_COMMIT}
- name: Notify Datadog
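
Review bot: In the blocking scan at the end of the hunk, `--severity CRITICAL` removes HIGH from the only step that runs with `--exit-code 1`, so HIGH findings now show up only in the output of the `--exit-code 0` step and no longer fail the build. If the aim is to get past particular HIGH findings, consider keeping `--severity CRITICAL,HIGH` on the blocking step and either adding `--ignore-unfixed` or listing the accepted CVE IDs in a `.trivyignore` file, so that new HIGH findings still stop the pipeline. The comment above the warn-only step still reads "lower level vulnerabilities", which no longer matches a severity list that includes HIGH. Both steps also keep `--skip-update`, so what either scan reports depends on the vulnerability database already cached on the runner.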