feat: Add Title to Trivy report HTLM template, Makefile cleanup

This commit is contained in:
Stefan Reimer 2022-01-19 00:22:21 +01:00
parent 8a7d22a53f
commit b173aba103
2 changed files with 8 additions and 5 deletions

View File

@ -1,9 +1,9 @@
BASE ?= latest-alpine-jdk11
REGISTRY := public.ecr.aws/zero-downtime REGISTRY := public.ecr.aws/zero-downtime
REPOSITORY := jenkins-podman REPOSITORY := jenkins-podman
REGION := us-east-1
# Parse version from latest git semver tag # Parse version from latest git semver tag
GTAG=$(shell git describe --tags --match v*.*.* 2>/dev/null || echo "v0.0.0") GTAG=$(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null)
TAG ?= $(shell echo $(GTAG) | awk -F '-' '{ print $$1 "-" $$2 }' | sed -e 's/-$$//') TAG ?= $(shell echo $(GTAG) | awk -F '-' '{ print $$1 "-" $$2 }' | sed -e 's/-$$//')
ifeq ($(TRIVY_REMOTE),) ifeq ($(TRIVY_REMOTE),)
@ -12,15 +12,15 @@ else
TRIVY_OPTS := client --remote ${TRIVY_REMOTE} TRIVY_OPTS := client --remote ${TRIVY_REMOTE}
endif endif
.PHONY: build push scan .PHONY: build push scan test
all: build all: build
build: build:
podman build --rm --squash-all --build-arg BASE=$(BASE) -t $(REPOSITORY):$(TAG) -t $(REPOSITORY):latest . podman build --rm --squash-all -t $(REPOSITORY):$(TAG) -t $(REPOSITORY):latest .
push: push:
aws ecr-public get-login-password --region us-east-1 | podman login --username AWS --password-stdin $(REGISTRY) aws ecr-public get-login-password --region $(REGION) | podman login --username AWS --password-stdin $(REGISTRY)
podman tag $(REPOSITORY):latest $(REGISTRY)/$(REPOSITORY):$(TAG) $(REGISTRY)/$(REPOSITORY):latest podman tag $(REPOSITORY):latest $(REGISTRY)/$(REPOSITORY):$(TAG) $(REGISTRY)/$(REPOSITORY):latest
podman push $(REGISTRY)/$(REPOSITORY):$(TAG) podman push $(REGISTRY)/$(REPOSITORY):$(TAG)
podman push $(REGISTRY)/$(REPOSITORY):latest podman push $(REGISTRY)/$(REPOSITORY):latest
@ -29,3 +29,4 @@ scan:
trivy $(TRIVY_OPTS) $(REPOSITORY):$(TAG) trivy $(TRIVY_OPTS) $(REPOSITORY):$(TAG)
test: test:
@echo "Not implemented (yet)"

View File

@ -96,6 +96,7 @@
<th>Severity</th> <th>Severity</th>
<th>Installed Version</th> <th>Installed Version</th>
<th>Fixed Version</th> <th>Fixed Version</th>
<th>Title</th>
<th>Links</th> <th>Links</th>
</tr> </tr>
{{- range .Vulnerabilities }} {{- range .Vulnerabilities }}
@ -105,6 +106,7 @@
<td class="severity">{{ escapeXML .Vulnerability.Severity }}</td> <td class="severity">{{ escapeXML .Vulnerability.Severity }}</td>
<td class="pkg-version">{{ escapeXML .InstalledVersion }}</td> <td class="pkg-version">{{ escapeXML .InstalledVersion }}</td>
<td>{{ escapeXML .FixedVersion }}</td> <td>{{ escapeXML .FixedVersion }}</td>
<td>{{ escapeXML .Title }}</td>
<td class="links" data-more-links="off"> <td class="links" data-more-links="off">
{{- range .Vulnerability.References }} {{- range .Vulnerability.References }}
<a href={{ escapeXML . | printf "%q" }} target="_blank" rel="noopener noreferrer">{{ escapeXML . }}</a> <a href={{ escapeXML . | printf "%q" }} target="_blank" rel="noopener noreferrer">{{ escapeXML . }}</a>