Skip to content

steffakasid/trivyops

Repository files navigation

trivyops

License Apache%202.0 blue link:https://github.com/steffakasid/trivyops/actions/workflows/codeql.yml link:https://github.com/steffakasid/trivyops/actions/workflows/release.yml link:https://github.com/steffakasid/trivyops/actions/workflows/go-test.yml

This tool can be used to receive all trivy results from a GitLab group. The tool scans all subgroups and prints out a result of the GitLab CI trivy scan job and checks if there is a .trivyignore defined in the default branch.

Installation:

brew install steffakasid/trivyops/trivyops

Or brew tap steffakasid/trivyops and then brew install trivyops.

Usage:

trivyops [flags] GITLAB_GROUP_ID

Variables:

  • GITLAB_TOKEN - the GitLab token to access the Gitlab instance

  • GITLAB_HOST - the GitLab host which should be accessed [Default: https://gitlab.com]

  • GITLAB_GROUP_ID - the GitLab group ID to scan (only be used if not given per argument)

  • LOG_LEVEL - the log level to use [Default: info]

  • METRICS_PORT - the metrics endpoint when running in daemon mode [Default: 2112]

  • METRICS_CRON - the cron string used to define how often metrics results are gathered from GitLab [Default: @every 6h]

Examples:

trivyops 1234 - get all trivy results from 1234

trivyops 1234 --filter ^blub.* - get all trivy results from 1234 where name starts with blub

trivyops 1234 -o table - output results as table (works well with less results)

trivyops 1234 -v - get more details

Flags:

[-a], [--artifact-name] string The artifact filename of the trivy result (default "trivy-results.json")

[-f], [--filter] string A golang regular expression to filter project name with namespace (e.g. (./groupprefix.+$)|(.*otherprefix.))

[--help] Print help message

[-j], [--job-name] string The gitlab ci jobname to check (default "scan_oci_image_trivy")

-o, [--output] string Define how to output results [text, table, json] (default "text")

[--v] Get details

[--vv] Get more details

[--vvv] Get even more details

[--version] Print version information

Configuration

---
GITLAB_TOKEN: a;lsdkfya9s8df879
GITLAB_HOST: https://gitlab.com
GITLAB_GROUP_ID: 12345
LOG_LEVEL: warn
FILTER: ^dbs-businesshub\/(!smartlocker)|(bizhub.+)$

All flags can also be set via config file

Configuration precedence

  1. Command line flags

  2. Env variables

  3. Config file

This means the config file has the lowest priority an will be overwritten by the other configuration methods.