This tool can be used to receive all trivy results from a GitLab group. The tool scans all subgroups and prints out a result of the GitLab CI trivy scan job and checks if there is a .trivyignore defined in the default branch.
brew install steffakasid/trivyops/trivyops
Or brew tap steffakasid/trivyops and then brew install trivyops.
-
GITLAB_TOKEN- the GitLab token to access the Gitlab instance -
GITLAB_HOST- the GitLab host which should be accessed [Default: https://gitlab.com] -
GITLAB_GROUP_ID- the GitLab group ID to scan (only be used if not given per argument) -
LOG_LEVEL- the log level to use [Default: info] -
METRICS_PORT- the metrics endpoint when running in daemon mode [Default: 2112] -
METRICS_CRON- the cron string used to define how often metrics results are gathered from GitLab [Default: @every 6h]
trivyops 1234 - get all trivy results from 1234
trivyops 1234 --filter ^blub.* - get all trivy results from 1234 where name starts with blub
trivyops 1234 -o table - output results as table (works well with less results)
trivyops 1234 -v - get more details
[-a], [--artifact-name] string The artifact filename of the trivy result (default "trivy-results.json")
[-f], [--filter] string A golang regular expression to filter project name with namespace (e.g. (./groupprefix.+$)|(.*otherprefix.))
[--help] Print help message
[-j], [--job-name] string The gitlab ci jobname to check (default "scan_oci_image_trivy")
-o, [--output] string Define how to output results [text, table, json] (default "text")
[--v] Get details
[--vv] Get more details
[--vvv] Get even more details
[--version] Print version information
---
GITLAB_TOKEN: a;lsdkfya9s8df879
GITLAB_HOST: https://gitlab.com
GITLAB_GROUP_ID: 12345
LOG_LEVEL: warn
FILTER: ^dbs-businesshub\/(!smartlocker)|(bizhub.+)$All flags can also be set via config file