commit f411d36497d8a9f261b22419660ccd4397be3005 parent 34bf8387a75d41a100ca10e789bf2e81bc7cfd02 Author: Andreas Gruhler <agruhl@gmx.ch> Date: Mon, 3 Mar 2025 00:23:17 +0100 feat: Trivy class lib Diffstat:
A | src/Trivy.groovy | | | 36 | ++++++++++++++++++++++++++++++++++++ |
1 file changed, 36 insertions(+), 0 deletions(-)
diff --git a/src/Trivy.groovy b/src/Trivy.groovy
@@ -0,0 +1,36 @@
+// A class to describe the trivy stages
+class Trivy implements Serializable {
+ private final Script script
+ private final String trivyImage = "public.ecr.aws/aquasecurity/trivy:0.19.2"
+ private final String scanners = "vuln,misconfig,secret,license"
+
+ Trivy(Script script) {
+ this.script = script
+ }
+
+ // Scan local project
+ // https://trivy.dev/latest/docs/target/filesystem
+ // https://trivy.dev/latest/docs/scanner/misconfiguration
+ // https://trivy.dev/latest/docs/scanner/secret
+ // https://trivy.dev/latest/docs/scanner/license
+ void vuln() {
+ script.stage() {
+ script.docker.image(trivyImage)
+ .inside('-u root --entrypoint=""') {
+ script.sh "trivy fs . --scanners ${scanners}"
+ }
+ }
+ }
+
+ // Generate SBOM in CycloneDX format
+ // https://trivy.dev/latest/docs/supply-chain/sbom
+ void sbom(String file = 'sbom-cyclonedx.json') {
+ script.stage(file) {
+ script.docker.image(trivyImage)
+ .inside('-u root --entrypoint=""') {
+ // the SBOM can include the vulnerability list
+ script.sh "trivy fs . --scanners vuln --format cyclonedx --output ${file}"
+ }
+ }
+ }
+}
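Review bot: `vuln()` runs `trivy fs . --scanners ${scanners}` without `--exit-code`, so Trivy exits 0 even when it reports findings and the stage can never gate the build; it also calls `script.stage()` with no name, unlike `sbom`'s `script.stage(file)`, and the Jenkins `stage` step requires one, so this likely fails at runtime. Give the stage a name and add `--exit-code 1` (optionally narrowed with `--severity HIGH,CRITICAL`) so findings actually fail the pipeline. In `sbom`, `${file}` is Groovy-interpolated straight into the `sh` command, so a caller-supplied name containing shell metacharacters is executed by the shell; export it with `withEnv` and reference it as `"$SBOM_FILE"` inside a single-quoted script instead. The image is pinned to the mutable tag `trivy:0.19.2`, which as far as I recall predates the `--scanners` flag and the `misconfig`/`license` scanner names (and `--format cyclonedx`), so the commands likely do not work against it; pin the intended release by `@sha256:` digest for a reproducible scanner. `-u root` is presumably only there for the cache directory; consider pointing `--cache-dir` at a writable workspace path and keeping the default user.
```groovy
    // Scan local project; --exit-code 1 makes findings fail the stage (trivy exits 0 by default)
    void vuln() {
        script.stage('trivy scan') {
            script.docker.image(trivyImage)
                .inside('-u root --entrypoint=""') {
                script.sh "trivy fs . --scanners ${scanners} --exit-code 1"
            }
        }
    }

    // … unchanged: sbom comments …
    void sbom(String file = 'sbom-cyclonedx.json') {
        script.stage(file) {
            script.docker.image(trivyImage)
                .inside('-u root --entrypoint=""') {
                // pass the file name via the environment so the shell never interprets it
                script.withEnv(["SBOM_FILE=${file}"]) {
                    script.sh 'trivy fs . --scanners vuln --format cyclonedx --output "$SBOM_FILE"'
                }
            }
        }
    }
```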