Skip to content

Commit

Permalink
trivy
Browse files Browse the repository at this point in the history
  • Loading branch information
@AlexanderDokuchaev
AlexanderDokuchaev committed Feb 26, 2025
1 parent 7996e73 commit 0352ca6
Show file tree
Hide file tree
Showing 3 changed files with 193 additions and 0 deletions.
148 changes: 148 additions & 0 deletions .github/scripts/trivy_html.tpl
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,148 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
{{- if . }}
<style>
* {
font-family: Arial, Helvetica, sans-serif;
}
h1 {
text-align: center;
}
.group-header th {
font-size: 200%;
}
.sub-header th {
font-size: 150%;
}
table, th, td {
border: 1px solid black;
border-collapse: collapse;
white-space: nowrap;
padding: .3em;
}
table {
margin: 0 auto;
}
.severity {
text-align: center;
font-weight: bold;
color: #fafafa;
}
.severity-LOW .severity { background-color: #5fbb31; }
.severity-MEDIUM .severity { background-color: #e9c600; }
.severity-HIGH .severity { background-color: #ff8800; }
.severity-CRITICAL .severity { background-color: #e40000; }
.severity-UNKNOWN .severity { background-color: #747474; }
.severity-LOW { background-color: #5fbb3160; }
.severity-MEDIUM { background-color: #e9c60060; }
.severity-HIGH { background-color: #ff880060; }
.severity-CRITICAL { background-color: #e4000060; }
.severity-UNKNOWN { background-color: #74747460; }
table tr td:first-of-type {
font-weight: bold;
}
.links a,
.links[data-more-links=on] a {
display: block;
}
.links[data-more-links=off] a:nth-of-type(1n+5) {
display: none;
}
a.toggle-more-links { cursor: pointer; }
</style>
<title>{{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ now }} </title>
<script>
window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) {
var links = [].concat.apply([], linkCell.querySelectorAll('a'));
[].sort.apply(links, function(a, b) {
return a.href > b.href ? 1 : -1;
});
links.forEach(function(link, idx) {
if (links.length > 3 && 3 === idx) {
var toggleLink = document.createElement('a');
toggleLink.innerText = "Toggle more links";
toggleLink.href = "#toggleMore";
toggleLink.setAttribute("class", "toggle-more-links");
linkCell.appendChild(toggleLink);
}
linkCell.appendChild(link);
});
});
document.querySelectorAll('a.toggle-more-links').forEach(function(toggleLink) {
toggleLink.onclick = function() {
var expanded = toggleLink.parentElement.getAttribute("data-more-links");
toggleLink.parentElement.setAttribute("data-more-links", "on" === expanded ? "off" : "on");
return false;
};
});
};
</script>
</head>
<body>
<h1>Trivy Report: {{ now }}</h1>
<table>
{{- range . }}
<tr class="group-header"><th colspan="6">{{ .Type | toString | escapeXML }}: {{ .Target | toString | escapeXML }}</th></tr>
{{- if (eq (len .Vulnerabilities) 0) }}
<tr><th colspan="6">No Vulnerabilities found</th></tr>
{{- else }}
<tr class="sub-header">
<th>Package</th>
<th>Vulnerability ID</th>
<th>Severity</th>
<th>Installed Version</th>
<th>Fixed Version</th>
<th>Links</th>
</tr>
{{- range .Vulnerabilities }}
<tr class="severity-{{ escapeXML .Vulnerability.Severity }}">
<td class="pkg-name">{{ escapeXML .PkgName }}</td>
<td>{{ escapeXML .VulnerabilityID }}</td>
<td class="severity">{{ escapeXML .Vulnerability.Severity }}</td>
<td class="pkg-version">{{ escapeXML .InstalledVersion }}</td>
<td>{{ escapeXML .FixedVersion }}</td>
<td class="links" data-more-links="off">
{{- range .Vulnerability.References }}
<a href={{ escapeXML . | printf "%q" }}>{{ escapeXML . }}</a>
{{- end }}
</td>
</tr>
{{- end }}
{{- end }}
{{- if (eq (len .Misconfigurations ) 0) }}
<tr><th colspan="6">No Misconfigurations found</th></tr>
{{- else }}
<tr class="sub-header">
<th>Type</th>
<th>Misconf ID</th>
<th>Check</th>
<th>Severity</th>
<th>Message</th>
</tr>
{{- range .Misconfigurations }}
<tr class="severity-{{ escapeXML .Severity }}">
<td class="misconf-type">{{ escapeXML .Type }}</td>
<td>{{ escapeXML .ID }}</td>
<td class="misconf-check">{{ escapeXML .Title }}</td>
<td class="severity">{{ escapeXML .Severity }}</td>
<td class="link" data-more-links="off" style="white-space:normal;">
{{ escapeXML .Message }}
<br>
<a href={{ escapeXML .PrimaryURL | printf "%q" }}>{{ escapeXML .PrimaryURL }}</a>
</br>
</td>
</tr>
{{- end }}
{{- end }}
{{- end }}
</table>
{{- else }}
</head>
<body>
<h1>Trivy Returned Empty Report</h1>
{{- end }}
</body>
</html>
4 changes: 4 additions & 0 deletions .github/workflows/nightly.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,3 +55,7 @@ jobs:
uses: ./.github/workflows/call_precommit_windows.yml
with:
python_version: "3.10"

sdl-nightly:
if: github.repository_owner == 'openvinotoolkit'
uses: ./.github/workflows/sdl_nightly.yml
41 changes: 41 additions & 0 deletions .github/workflows/sdl_nightly.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
name: sdl nighly
permissions: read-all

on:
workflow_call:
workflow_dispatch:
jobs:
trivy:
name: Trivy
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run trivy
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
with:
scan-type: "fs"
scan-ref: .
severity: "CRITICAL,HIGH"
scanners: "misconfig,license,vuln"
format: template
template: "@.github/scripts/trivy_html.tpl"
output: trivy_report.html
cache: false
hide-progress: true
exit-code: 1
- name: Rename Report
if: ${{ !cancelled() }}
shell: bash
run: |
DATE=$(date +"%Y-%m-%d")
REF_NAME="${{ github.ref_name }}"
mv "trivy_report.html" "trivy_report_${DATE}_${REF_NAME//\//-}_${{ github.sha }}.html"
- name: Upload Scan Results
if: ${{ !cancelled() }}
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0
with:
name: trivy-report
path: "./trivy_report*.html"
retention-days: 30

0 comments on commit 0352ca6

Please sign in to comment.