From 02e4ba85b2c02a788a9451d1f0d6faa4cd799fa7 Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Mon, 14 Feb 2022 14:13:11 +0100
Subject: [PATCH] feat: improve messaging if Trivy fail is skipped
---
 vars/buildPodman.groovy | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/vars/buildPodman.groovy b/vars/buildPodman.groovy
index 8479c1df..14a1b909 100644
--- a/vars/buildPodman.groovy
+++ b/vars/buildPodman.groovy
@@ -48,8 +48,14 @@ def call(Map config=[:]) {
 reportTitles: 'TrivyScan' ]
- // Scan again and fail on CRITICAL vulns
- sh "[ \"${config.trivyFail}\" == \"NONE\" ] || TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan"
+ // Scan again and fail on CRITICAL vulns, if not overridden
+ script {
+ if (config.trivyFail == 'NONE') {
+ echo 'trivyFail == NONE, review Trivy report manually. Proceeding ...'
+ } else {
+ sh "TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan"
+ }
+ }
 } }
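Review bot: In the `else` branch, `config.trivyFail` is still spliced into the `sh` command line by Groovy interpolation, and the only value tested is the exact string `'NONE'`. Anything else, such as a typo like `none`, an unset value, or text containing shell metacharacters, reaches the shell as written and may weaken or break the gate. Validate it before the scan, e.g. `if (!(config.trivyFail ==~ /(UNKNOWN|LOW|MEDIUM|HIGH|CRITICAL)(,(UNKNOWN|LOW|MEDIUM|HIGH|CRITICAL))*/)) { error "invalid trivyFail: ${config.trivyFail}" }`, and pass it through the environment instead of the command string: `withEnv(['TRIVY_EXIT_CODE=1', "TRIVY_SEVERITY=${config.trivyFail}"]) { sh 'make scan' }`. The kept comment still says "fail on CRITICAL vulns" although the severity comes from configuration. `call()` begins outside the hunk, so whether `trivyFail` is given a default earlier is not visible here.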