feat: improve messaging if Trivy fail is skipped

Stefan Reimer 2022-02-14 14:13:11 +01:00
parent 2c69869deb
commit 02e4ba85b2


@ -48,8 +48,14 @@ def call(Map config=[:]) {
reportTitles: 'TrivyScan' reportTitles: 'TrivyScan'
] ]
// Scan again and fail on CRITICAL vulns // Scan again and fail on CRITICAL vulns, if not overridden
sh "[ \"${config.trivyFail}\" == \"NONE\" ] || TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan" script {
if (config.trivyFail == 'NONE') {
echo 'trivyFail == NONE, review Trivy report manually. Proceeding ...'
} else {
sh "TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan"
}
}
} }
} }
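Review bot: In the new `else` branch, `config.trivyFail` is still expanded by Groovy into the shell line (`sh "TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan"`), so any value other than the exact string `NONE` is handed to the shell as written, whether that is a typo, lower-case `none`, an unset value or text containing shell metacharacters. I would check the value against Trivy's severity names (`UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`, comma-separated) and call `error(...)` on anything else. The severity can then be passed through the environment instead of the command string: `withEnv(['TRIVY_EXIT_CODE=1', "TRIVY_SEVERITY=${config.trivyFail}"]) { sh 'make scan' }`. Separately, the `NONE` path only writes an `echo` to the console log, so a build that skipped the gate looks the same as one that passed it; marking it with `unstable('Trivy gate skipped')` would make the override visible in the build status. `call()` begins outside the hunk, so I cannot see whether `trivyFail` is given a default earlier.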