Add a GitHub Workflow for the Trivy security scanner (#23084)
* Add a GitHub Workflow for the Trivy security scanner * Add initial ignore statements for Trivy This accepts all the current latent findings in the repository, while still enabling Trivy to flag new findings.
This commit is contained in:
parent
64b10f1ccb
commit
5d82604d58
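--- /dev/null
+++ b/.github/workflows/trivy.yaml
@@ -0,0 +1,17 @@
+name: Trivy
+
+on:
+  push:
+    branches:
+      - master
+      - branch/*
+  pull_request:
+  merge_group:
+
+jobs:
+  trivy:
+    uses: gravitational/shared-workflows/.github/workflows/trivy.yaml@main
+    permissions:
+      actions: read
+      contents: read
+      security-events: write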
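Review bot: The reusable workflow at `uses: gravitational/shared-workflows/.github/workflows/trivy.yaml@main` is referenced by a mutable branch, so whatever lands on that branch runs here with `security-events: write` without any change passing review in this repository; pinning to a full commit SHA with the release tag in a trailing comment keeps the scanner's definition under this repository's control, e.g. `uses: gravitational/shared-workflows/.github/workflows/trivy.yaml@<full-commit-sha> # <tag>`. Whether `actions: read` is actually needed depends on the called workflow's steps, which are not visible here. A `schedule:` trigger is also absent, so a vulnerability published against an already-merged dependency or base image is only reported when the next push or pull request happens to run the scan. On pull requests from forks the token is read-only, so the `security-events: write` upload will presumably fail or be skipped for those runs; worth confirming against the shared workflow's behaviour.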
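--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,23 @@
+# Dockerfiles and Kubernetes YAMLs don't support inline ignores with Trivy, so
+# we have to set a global ignore for these for now.
+AVD-DS-0002
+AVD-KSV-0109
+AVD-KSV-0110
+DS001
+DS013
+DS026
+KSV001
+KSV003
+KSV009
+KSV011
+KSV012
+KSV013
+KSV014
+KSV015
+KSV016
+KSV018
+KSV020
+KSV021
+KSV030
+KSV047
+KSV106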
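Review bot: Each ID in this list suppresses that check across the whole repository, including Dockerfiles and manifests added after this commit, whereas the description only intends to accept the findings that exist today, and nothing in the file records which file each entry was accepted for or when it should be revisited. A short comment per entry or per group, e.g. `# DS026: <reason> — accepted for <path/to/Dockerfile>, revisit by <date>`, makes the list auditable and lets entries be dropped once the underlying files are fixed; the two header lines already show that `#` comments are accepted here. The list also mixes `AVD-KSV-0109`-style and `KSV001`-style IDs, presumably because the two forms address different checks rather than the same ones; a note saying why both forms are needed would stop the next reader from treating them as duplicates.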
|
@ -14,6 +14,12 @@ data "google_compute_network" "default" {
|
|||
}
|
||||
|
||||
|
||||
#trivy:ignore:AVD-GCP-0047
|
||||
#trivy:ignore:AVD-GCP-0049
|
||||
#trivy:ignore:AVD-GCP-0051
|
||||
#trivy:ignore:AVD-GCP-0056
|
||||
#trivy:ignore:AVD-GCP-0059
|
||||
#trivy:ignore:AVD-GCP-0061
|
||||
resource "google_container_cluster" "loadtest" {
|
||||
name = var.cluster_name
|
||||
location = var.region
|
||||
|
@ -25,6 +31,13 @@ resource "google_container_cluster" "loadtest" {
|
|||
initial_node_count = 1
|
||||
}
|
||||
|
||||
#trivy:ignore:AVD-GCP-0048
|
||||
#trivy:ignore:AVD-GCP-0049
|
||||
#trivy:ignore:AVD-GCP-0050
|
||||
#trivy:ignore:AVD-GCP-0054
|
||||
#trivy:ignore:AVD-GCP-0057
|
||||
#trivy:ignore:AVD-GCP-0058
|
||||
#trivy:ignore:AVD-GCP-0063
|
||||
resource "google_container_node_pool" "loadtest" {
|
||||
name = var.cluster_name
|
||||
cluster = google_container_cluster.loadtest.name
|
||||
|
|