From 901f85e9a0ef6a1da56cb2209a355472de77283c Mon Sep 17 00:00:00 2001
From: Clement Bois
Date: Fri, 15 Aug 2025 14:02:18 +0200
Subject: [PATCH 1/4] feat: trivy codequality report
---
 templates/gitlab-ci-docker.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index 4f88a96..6f8aca9 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -1267,6 +1267,8 @@ docker-trivy:
 
 # Generate a report in the GitLab format
 trivy convert --format template --template "@/contrib/gitlab.tpl" --output reports/docker-trivy-${basename}.gitlab.json reports/docker-trivy-${basename}.native.json
+ # Generate a report in the Code Climate format
+ trivy convert --format template --template "@/contrib/gitlab-codequality.tpl" --output reports/docker-trivy-${basename}.codeclimate.json reports/docker-trivy-${basename}.native.json
 # console output
 trivy convert --format table reports/docker-trivy-${basename}.native.json
 
@@ -1281,6 +1283,7 @@ docker-trivy:
 - "reports/docker-trivy-*"
 reports:
 container_scanning: "reports/docker-trivy-*.gitlab.json"
+ codequality: "reports/docker-trivy-*.codeclimate.json"
 cache:
 - key: "$CI_COMMIT_REF_SLUG-trivy"
 paths:
--
GitLab
From c44147271ae3c08c7a65052ed9c88315ebc33577 Mon Sep 17 00:00:00 2001
From: Clement Bois
Date: Fri, 15 Aug 2025 14:08:58 +0200
Subject: [PATCH 2/4] docs: add trivy code quality report
---
 README.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index fc1f5a5..c124942 100644
--- a/README.md
+++ b/README.md
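Review bot: The new `codequality:` entry in the second hunk uses a wildcard like the existing `container_scanning` one, but the `${basename}` variable in the first hunk suggests the job can emit one file per scanned image, so please verify that GitLab's Code Quality report merges several matching files rather than using only one, and otherwise collect the findings into a single file before the `artifacts:` step. A second point worth a comment on the added `trivy convert` line: the Code Quality report is rendered in the merge-request widget, so vulnerability details presumably become visible to anyone who can view the MR, which may be broader than the artifact download restriction the README describes (Developer role or higher) — worth confirming and noting, e.g. `# Note: findings also appear in the MR Code Quality widget, not only in the downloadable artifact`. The `script:` block of `docker-trivy` starts before the first hunk, and the `cache:` mapping continues past the end of the second.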
@@ -470,10 +470,11 @@ It's possible to ignore some CVE by adding a `.trivyignore` file at the root of In addition to a textual report in the console, this job produces the following reports, kept for one day and only available for download by users with the Developer role or higher: -| Report | Format | Usage | -| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `reports/docker-trivy-*.native.json` | native Trivy report format (json) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/trivy/)
_This report is generated only if DefectDojo template is detected_ | -| `reports/docker-trivy-*.gitlab.json` | [Trivy report format for GitLab](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format | [GitLab integration](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscontainer_scanning) | +| Report | Format | Usage | +| ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `reports/docker-trivy-*.native.json` | Native Trivy report format (json) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/trivy/)
_This report is generated only if DefectDojo template is detected_ | +| `reports/docker-trivy-*.gitlab.json` | [Trivy report format for GitLab Container Security](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format | [GitLab Container Security](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscontainer_scanning) | +| `reports/docker-trivy-*.codeclimate.json` | [Trivy report format for GitLab Code Quality](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format | [GitLab Code Quality](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscodequality) | ### `docker-sbom` job -- GitLab From 13cf1c416b6ff03e6f02d63733c739f16a834800 Mon Sep 17 00:00:00 2001 From: Clement Bois Date: Fri, 15 Aug 2025 17:49:59 +0200 Subject: [PATCH 3/4] chore: use codequality naming --- README.md | 2 +- templates/gitlab-ci-docker.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c124942..1710449 100644 --- a/README.md +++ b/README.md @@ -474,7 +474,7 @@ In addition to a textual report in the console, this job produces the following | ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `reports/docker-trivy-*.native.json` | Native Trivy report format (json) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/trivy/)
_This report is generated only if DefectDojo template is detected_ |
 | `reports/docker-trivy-*.gitlab.json` | [Trivy report format for GitLab Container Security](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format | [GitLab Container Security](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscontainer_scanning) |
-| `reports/docker-trivy-*.codeclimate.json` | [Trivy report format for GitLab Code Quality](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format | [GitLab Code Quality](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscodequality) |
+| `reports/docker-trivy-*.codequality.json` | [Trivy report format for GitLab Code Quality](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format | [GitLab Code Quality](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscodequality) |
 
 ### `docker-sbom` job
 
diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index 6f8aca9..36ca9bf 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -1267,8 +1267,8 @@ docker-trivy:
 
 # Generate a report in the GitLab format
 trivy convert --format template --template "@/contrib/gitlab.tpl" --output reports/docker-trivy-${basename}.gitlab.json reports/docker-trivy-${basename}.native.json
- # Generate a report in the Code Climate format
- trivy convert --format template --template "@/contrib/gitlab-codequality.tpl" --output reports/docker-trivy-${basename}.codeclimate.json reports/docker-trivy-${basename}.native.json
+ # Generate a report in the Code Quality format
+ trivy convert --format template --template "@/contrib/gitlab-codequality.tpl" --output reports/docker-trivy-${basename}.codequality.json reports/docker-trivy-${basename}.native.json
 # console output
 trivy convert --format table reports/docker-trivy-${basename}.native.json
 
@@ -1283,7 +1283,7 @@ docker-trivy: - "reports/docker-trivy-*" reports: container_scanning: "reports/docker-trivy-*.gitlab.json" - codequality: "reports/docker-trivy-*.codeclimate.json" + codequality: "reports/docker-trivy-*.codequality.json" cache: - key: "$CI_COMMIT_REF_SLUG-trivy" paths: -- GitLab From 75a3e2ef51e1c56945d2937753130bf7e99e8caf Mon Sep 17 00:00:00 2001 From: Clement Bois Date: Mon, 18 Aug 2025 17:13:13 +0200 Subject: [PATCH 4/4] gitlab-codequality --- README.md | 2 +- templates/gitlab-ci-docker.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1710449..f2a9458 100644 --- a/README.md +++ b/README.md @@ -474,7 +474,7 @@ In addition to a textual report in the console, this job produces the following | ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `reports/docker-trivy-*.native.json` | Native Trivy report format (json) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/trivy/)
_This report is generated only if DefectDojo template is detected_ |
 | `reports/docker-trivy-*.gitlab.json` | [Trivy report format for GitLab Container Security](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format | [GitLab Container Security](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscontainer_scanning) |
-| `reports/docker-trivy-*.codequality.json` | [Trivy report format for GitLab Code Quality](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format | [GitLab Code Quality](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscodequality) |
+| `reports/docker-trivy-*.gitlab-codequality.json` | [Trivy report format for GitLab Code Quality](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format | [GitLab Code Quality](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscodequality) |
 
 ### `docker-sbom` job
 
diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index 36ca9bf..60f414b 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -1268,7 +1268,7 @@ docker-trivy:
 # Generate a report in the GitLab format
 trivy convert --format template --template "@/contrib/gitlab.tpl" --output reports/docker-trivy-${basename}.gitlab.json reports/docker-trivy-${basename}.native.json
 # Generate a report in the Code Quality format
- trivy convert --format template --template "@/contrib/gitlab-codequality.tpl" --output reports/docker-trivy-${basename}.codequality.json reports/docker-trivy-${basename}.native.json
+ trivy convert --format template --template "@/contrib/gitlab-codequality.tpl" --output reports/docker-trivy-${basename}.gitlab-codequality.json reports/docker-trivy-${basename}.native.json
 # console output
 trivy convert --format table reports/docker-trivy-${basename}.native.json
 
@@ -1283,7 +1283,7 @@ docker-trivy:
 - "reports/docker-trivy-*"
 reports:
 container_scanning: "reports/docker-trivy-*.gitlab.json"
- codequality: "reports/docker-trivy-*.codequality.json"
+ codequality: "reports/docker-trivy-*.gitlab-codequality.json"
 cache:
 - key: "$CI_COMMIT_REF_SLUG-trivy"
 paths:
--
GitLab