# Repo: FirelyTeam/azure-pipeline-templates
# File: scanCompiledArtifacts.yml
# Description: scan a directory of compiled code for vulnerabilities
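parameters:
  # Host path of the compiled output to scan. It is bind-mounted (read-only)
  # into the Trivy container as /src.
  - name: 'directory'
    type: 'string'
    displayName: 'The directory to scan for vulnerabilities'

steps:
  - script: |
      # Scan the given directory with Trivy for vulnerabilities, misconfigurations
      # and secrets. Because of --exit-code 1, any finding fails the step.
      # A transient vulnerability-DB download failure (identified by Trivy's
      # error text) is retried up to $retries times with a 30 s pause; every
      # other non-zero status fails the step immediately.
      retries=10
      count=0
      src_dir="${{ parameters.directory }}"

      # `docker run -v` silently creates a missing host path as an empty
      # directory, so a wrong or unset path would make Trivy scan nothing and
      # report a clean result. Refuse to run instead of passing the gate.
      if [ ! -d "$src_dir" ]; then
        echo "Scan directory does not exist: $src_dir"
        exit 1
      fi

      while [ "$count" -lt "$retries" ]; do
        # The Docker socket is deliberately NOT mounted: `trivy filesystem`
        # only reads the bind-mounted path and never talks to the Docker
        # daemon, and exposing the socket would hand the scanner container
        # root-equivalent control of the build agent.
        # /tmp is still shared with the host as in the original template
        # (presumably Trivy scratch/cache space) -- TODO(review): confirm it is
        # needed; a dedicated cache volume on /root/.cache/trivy would also
        # avoid re-downloading the DB on every run, which is what the retry
        # loop below exists to work around.
        # NOTE(review): aquasec/trivy:latest is a mutable tag; pin a version or
        # digest so the scanner that gates releases is reproducible/auditable.
        # The `|| result=$?` form records a non-zero status without aborting
        # the step if the hosting task runs the script with errexit enabled.
        result=0
        log_output=$(docker run --rm \
          -v /tmp:/tmp \
          -v "$src_dir":/src:ro \
          aquasec/trivy:latest --exit-code 1 --format table \
          --scanners vuln,misconfig,secret filesystem /src 2>&1) || result=$?
        echo "$log_output"

        # Only the DB download error is retried; the match is a fixed string.
        if echo "$log_output" | grep -qF "Fatal error init error: DB error: failed to download vulnerability DB: database download error"; then
          count=$((count + 1))
          echo "Scan failed due to DB download error. Attempt $count/$retries. Retrying in 30 seconds..."
          sleep 30
        elif [ "$result" -eq 0 ]; then
          echo "Scan completed successfully."
          break
        else
          # Covers both real findings (exit code 1 from --exit-code 1) and
          # scanner/docker failures; the table above shows which.
          echo "Scan failed due to other errors."
          exit 1
        fi
      done

      # The loop only falls through here on success (break) or exhaustion.
      if [ "$count" -eq "$retries" ]; then
        echo "Scan failed after $retries attempts due to DB download error."
        exit 1
      fi
    displayName: Scan compiled code with Trivy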