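// A class to describe the trivy stages.
//
// Each method wraps a Jenkins `stage` that runs the pinned Trivy container
// against the current workspace (`fs .`). The container is started with
// `-u root` and an empty entrypoint, which is why every command below invokes
// `trivy` explicitly.
class Trivy implements Serializable {
    private final Script script

    // Image tag pinned for reproducible scans.
    // NOTE(review): the tag is not pinned by digest, so a re-pushed tag would
    // silently change what runs; consider appending `@sha256:<digest-placeholder>`.
    // NOTE(review): `--scanners` and the `misconfig`/`license` scanner names
    // were introduced in Trivy releases later than 0.19 — confirm this tag
    // accepts the flags used below, or bump the pin.
    private final String trivyImage = "public.ecr.aws/aquasecurity/trivy:0.19.2"

    // Scanners enabled for the filesystem scan performed by vuln().
    private final String scanners = "vuln,misconfig,secret,license"

    // Docker options shared by every Trivy invocation (root user, no entrypoint).
    private static final String DOCKER_ARGS = '-u root --entrypoint=""'

    Trivy(Script script) {
        this.script = script
    }

    // Runs `body` inside the Trivy container with the shared docker options.
    private void inTrivy(Closure body) {
        script.docker.image(trivyImage).inside(DOCKER_ARGS) {
            body()
        }
    }

    // Wraps `value` in single quotes for a POSIX shell so that it is passed
    // literally, even if it contains spaces or shell metacharacters.
    private static String shQuote(String value) {
        return "'" + value.replace("'", "'\\''") + "'"
    }

    // Scan local project
    // https://trivy.dev/latest/docs/target/filesystem
    // https://trivy.dev/latest/docs/scanner/misconfiguration
    // https://trivy.dev/latest/docs/scanner/secret
    // https://trivy.dev/latest/docs/scanner/license
    //
    // `stageName` names the Jenkins stage; the original called `script.stage()`
    // without a name, which the `stage` step requires. Calling `vuln()` with no
    // argument keeps working and uses the default name.
    void vuln(String stageName = 'trivy') {
        script.stage(stageName) {
            inTrivy {
                // No `--exit-code` is passed, so Trivy's default (0) applies:
                // findings are reported in the build log but do not fail the
                // stage. The log therefore also carries whatever the `secret`
                // scanner reports.
                script.sh "trivy fs . --scanners ${scanners}"
            }
        }
    }

    // Generate SBOM in CycloneDX format
    // https://trivy.dev/latest/docs/supply-chain/sbom
    //
    // `file` is the output path, also used as the stage name.
    // Throws IllegalArgumentException when `file` is null or blank, since
    // Trivy would otherwise receive an empty `--output` argument.
    void sbom(String file = 'sbom-cyclonedx.json') {
        if (!file?.trim()) {
            throw new IllegalArgumentException('sbom: output file name must not be blank')
        }
        script.stage(file) {
            inTrivy {
                // the SBOM can include the vulnerability list
                // `file` is shell-quoted so a caller-supplied name is passed
                // literally instead of being interpreted by the shell.
                script.sh "trivy fs . --scanners vuln --format cyclonedx --output ${shQuote(file)}"
            }
        }
    }
}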