I have a folder file trivy-offline.db.tgz which I wanted to copy and extract to Docker while CI is running. The project directory is: /builds/test/eval-trivy-3

gitlab-ci.yml

    container_scanning:
      stage: test
      image:
        name: $CI_REGISTRY/devops/trivy/trivy:0.20.1
        entrypoint: [""]
      variables:
        GIT_STRATEGY: none
        TRIVY_USERNAME: "$CI_REGISTRY_USER"
        TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD"
        TRIVY_AUTH_URL: "$CI_REGISTRY"
        FULL_IMAGE_NAME: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
      script:
        - echo "the project directory is - $CI_PROJECT_DIR"
        - trivy --version
        - time trivy image --clear-cache
        - <cp file to this docker>
        - <extract file to path>

CodePudding user response:
The first question to solve is which tools are available within the trivy container you are using: do you have tar available inside or not? The command for extracting via tar is quite simple: tar -xzf <file>

GitLab CI is normally already checking out your repository, so the files should already be in place, and there is no need for special care.

Variant 1: tar available

    container_scanning:
      # ...
      script:
        - echo "the project directory is - $CI_PROJECT_DIR"
        - trivy --version
        - time trivy image --clear-cache
        - tar -xzf trivy-offline.db.tgz

Variant 2: tar not within the image

You can have a pre step with any other image containing tar and extract it with that one.

    extract-trivy-db:
      # ...
      script:
        - tar -xzf trivy-offline.db.tgz
      artifacts:
        paths:
          - trivy-offline.db

    container_scanning:
      # ...
      needs: ["extract-trivy-db"]
      script:
        - echo "the project directory is - $CI_PROJECT_DIR"
        - trivy --version
        - time trivy image --clear-cache
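
A hardened form of the `tar -xzf trivy-offline.db.tgz` step from the answer above, as an added example that is not part of the original answer: it checks that the needed tools exist in the image, verifies the archive against a pinned SHA-256, and refuses member paths that would land outside the target directory. The function name `extract_verified` and the CI variable `TRIVY_DB_SHA256` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer): verify an archive such as
# trivy-offline.db.tgz before unpacking it inside a CI job.
# Return codes: 0 extracted, 2 tool missing, 3 checksum mismatch,
#               4 unsafe member path; other non-zero values come from tar.
extract_verified() {
    archive=$1     # path to the .tgz
    want_sha=$2    # pinned SHA-256, e.g. from a protected CI variable
    dest=$3        # directory to extract into

    # The answer's first question: is tar (and here sha256sum) in the image?
    for tool in tar sha256sum; do
        command -v "$tool" >/dev/null 2>&1 || {
            echo "missing tool in image: $tool" >&2
            return 2
        }
    done

    # Integrity check before any byte of the archive is interpreted.
    got_sha=$(sha256sum "$archive" | cut -d' ' -f1)
    if [ "$got_sha" != "$want_sha" ]; then
        echo "checksum mismatch for $archive" >&2
        return 3
    fi

    # Reject absolute paths and ".." components before anything is written.
    if tar -tzf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $archive" >&2
        return 4
    fi

    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Usage inside a job's script section (TRIVY_DB_SHA256 is an assumed variable):
#   extract_verified trivy-offline.db.tgz "$TRIVY_DB_SHA256" "$CI_PROJECT_DIR/db"
```

A non-zero return fails the job, so a tampered or truncated archive stops the pipeline before the scan runs against it.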