# Veinmind GitLab CI
Integrating veinmind-tools into GitLab CI
# 🕹️ Quick Start
Scan the image that is built during a job. There are three ways to wire the scanner into your pipeline.

1. Import via remote configuration

```yaml
stages:
  - build

# import scan runner
include:
  - remote: https://download.veinmind.tech/scripts/veinmind-runner-gitlab-ci.yml

YOUR_JOB:
  stage: build
  image: YOUR_BUILD_IMAGE:latest
  # add default config
  extends: .scan-config
  # add your config
  variables:
    IMAGE_REF: YOUR_APP:APP_TAG
  script:
    - docker build -t YOUR_APP:APP_TAG .
    # add scan script
    - !reference [.scan-script, script]
```
2. Import via the veinmind/veinmind-gitlab-CI repository

This option requires you to first clone that repository into your own GitLab instance.

```yaml
stages:
  - build

# import scan runner
include:
  - project: veinmind-gitlab-CI # absolute path
    file: runner.yml

YOUR_JOB:
  stage: build
  image: YOUR_BUILD_IMAGE:latest
  # add default config
  extends: .scan-config
  # add your config
  variables:
    IMAGE_REF: YOUR_APP:APP_TAG
  script:
    - docker build -t YOUR_APP:APP_TAG .
    # add scan script
    - !reference [.scan-script, script]
```
3. Edit the .gitlab-ci.yml file directly

```yaml
stages:
  - build

YOUR_JOB:
  stage: build
  image: YOUR_BUILD_IMAGE:latest
  # add your config
  variables:
    SCAN_ACTION: scan-host
    IMAGE_REF: YOUR_APP:APP_TAG
    OUT_PUT: report.json
    EXIT_CODE: 0
  script:
    - docker build -t YOUR_APP:APP_TAG .
    # add scan script
    - docker run --rm --mount 'type=bind,source=/,target=/host,readonly' -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`:/tool/resource veinmind/veinmind-runner $SCAN_ACTION $IMAGE_REF -o $OUT_PUT -e $EXIT_CODE
```
# 🏳️‍🌈 Parameters
| Parameter | Purpose | Default |
|---|---|---|
| SCAN_ACTION | Type of scan to perform | scan-host |
| IMAGE_REF | Image reference | |
| EXIT_CODE | Exit code returned when security issues are found; a non-zero value blocks the pipeline | 0 |
| OUT_PUT | Report output file name | report.json |
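The following shell helper is an added example, not part of the veinmind project, that reproduces the `docker run` step from option 3 outside of GitLab CI (for instance on a developer machine before pushing). It applies the same defaults as the parameter table above, validates the inputs, and separates building the command from executing it so the command can be inspected first; the positional arguments and the function names are this example's own convention, and the `-e` exit-code flag is only meaningful once the real `veinmind/veinmind-runner` image is pulled.

```shell
#!/usr/bin/env sh
# Added example: local equivalent of the .scan-script step from option 3.
# Arguments: IMAGE_REF [SCAN_ACTION] [OUT_PUT] [EXIT_CODE] [WORKDIR]
# Defaults mirror the parameter table: scan-host, report.json, 0, current dir.

# veinmind_scan_cmd prints the docker run command line without executing it.
# Fails if IMAGE_REF is missing or EXIT_CODE is not a non-negative integer.
veinmind_scan_cmd() {
  image_ref="$1"
  action="${2:-scan-host}"
  out_put="${3:-report.json}"
  exit_code="${4:-0}"
  workdir="${5:-$(pwd)}"

  if [ -z "$image_ref" ]; then
    echo "IMAGE_REF is required (e.g. YOUR_APP:APP_TAG)" >&2
    return 1
  fi
  case "$exit_code" in
    ''|*[!0-9]*)
      echo "EXIT_CODE must be a non-negative integer, got '$exit_code'" >&2
      return 1 ;;
  esac

  # Same mounts as the page's command: host filesystem read-only under /host,
  # the Docker socket so the runner can read the built image, and the working
  # directory under /tool/resource so the report lands next to the build.
  cmd="docker run --rm --mount 'type=bind,source=/,target=/host,readonly'"
  cmd="$cmd -v /var/run/docker.sock:/var/run/docker.sock"
  cmd="$cmd -v $workdir:/tool/resource veinmind/veinmind-runner"
  cmd="$cmd $action $image_ref -o $out_put -e $exit_code"
  printf '%s\n' "$cmd"
}

# veinmind_scan runs the scan. With a non-zero EXIT_CODE the step fails when
# findings exist, which is what blocks the pipeline in CI.
veinmind_scan() {
  cmd=$(veinmind_scan_cmd "$@") || return 1
  echo "+ $cmd" >&2
  eval "$cmd"
}
```

Run `veinmind_scan myapp:1.0 scan-host report.json 1` to block on findings, or call `veinmind_scan_cmd` alone to review the command before anything is executed.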