Skip to content

Commit

Permalink
Install Trivy for vulnerability scanning unit-testing
Browse files Browse the repository at this point in the history
  • Loading branch information
karanibm6 committed Feb 17, 2024
1 parent 4087cbd commit 476489d
Show file tree
Hide file tree
Showing 3 changed files with 37 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ jobs:
go-version: '1.20.x'
cache: true
check-latest: true
- name: Install Trivy
run: make install-trivy
- name: Build
run: make build
- name: Test
Expand Down
4 changes: 4 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,10 @@ install-counterfeiter:
install-spruce:
hack/install-spruce.sh

.PHONY: install-trivy
install-trivy:
hack/install-trivy.sh

# Install golangci-lint via: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
.PHONY: sanity-check
sanity-check:
Expand Down
31 changes: 31 additions & 0 deletions hack/install-trivy.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
#!/bin/bash

# Copyright The Shipwright Contributors
#
# SPDX-License-Identifier: Apache-2.0

#
# Installs "trivy"
#

set -euo pipefail

# Find a suitable install location
for CANDIDATE in "$HOME/bin" "/usr/local/bin" "/usr/bin"; do
if [[ -w $CANDIDATE ]] && grep -q "$CANDIDATE" <<<"$PATH"; then
TARGET_DIR="$CANDIDATE"
break
fi
done

# Bail out in case no suitable location could be found
if [[ -z ${TARGET_DIR:-} ]]; then
echo -e "Unable to determine a writable install location. Make sure that you have write access to either \\033[1m/usr/local/bin\\033[0m or \\033[1m${HOME}/bin\\033[0m and that is in your PATH."
exit 1
fi

echo "# Install Trivy"
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b "$TARGET_DIR"

echo "# Trivy version"
trivy --version

0 comments on commit 476489d

Please sign in to comment.