mirror of
https://github.com/aquasecurity/trivy-action.git
synced 2026-05-14 11:12:40 +00:00
Achton Smidt Winther
2b22459068
* Fix bug with test for securityChecks option which caused it to be skipped. * Convert tests to JSON output only, and update them for Trivy 0.28.1. * Update CI test to use Trivy 0.28.1.
58 lines
2.4 KiB
Bash
58 lines
2.4 KiB
Bash
#!/usr/bin/env bats
|
|
|
|
@test "trivy image" {
|
|
# trivy image --severity CRITICAL --format json --output image.test knqyf263/vuln-image:1.2.3
|
|
./entrypoint.sh '-a image' '-i knqyf263/vuln-image:1.2.3' '-b json' '-h image.test' '-g CRITICAL'
|
|
result="$(diff ./test/data/image.test image.test)"
|
|
[ "$result" == '' ]
|
|
}
|
|
|
|
@test "trivy image sarif report" {
|
|
# trivy image --severity CRITICAL -f sarif --output image-sarif.test knqyf263/vuln-image:1.2.3
|
|
./entrypoint.sh '-a image' '-i knqyf263/vuln-image:1.2.3' '-b sarif' '-h image-sarif.test' '-g CRITICAL'
|
|
result="$(diff ./test/data/image-sarif.test image-sarif.test)"
|
|
[ "$result" == '' ]
|
|
}
|
|
|
|
@test "trivy config" {
|
|
# trivy config --format json --output config.test .
|
|
./entrypoint.sh '-a config' '-j .' '-b json' '-h config.test'
|
|
result="$(diff ./test/data/config.test config.test)"
|
|
[ "$result" == '' ]
|
|
}
|
|
|
|
@test "trivy rootfs" {
|
|
# trivy rootfs --format json --output rootfs.test .
|
|
./entrypoint.sh '-a rootfs' '-j .' '-b json' '-h rootfs.test'
|
|
result="$(diff ./test/data/rootfs.test rootfs.test)"
|
|
[ "$result" == '' ]
|
|
}
|
|
|
|
@test "trivy fs" {
|
|
# trivy fs --format json --output fs.test .
|
|
./entrypoint.sh '-a fs' '-j .' '-b json' '-h fs.test'
|
|
result="$(diff ./test/data/fs.test fs.test)"
|
|
[ "$result" == '' ]
|
|
}
|
|
|
|
@test "trivy fs with securityChecks option" {
|
|
# trivy fs --format json --security-checks=vuln,config --output fs-scheck.test .
|
|
./entrypoint.sh '-a fs' '-j .' '-b json' '-s vuln,config,secret' '-h fs-scheck.test'
|
|
result="$(diff ./test/data/fs-scheck.test fs-scheck.test)"
|
|
[ "$result" == '' ]
|
|
}
|
|
|
|
@test "trivy repo with securityCheck secret only" {
|
|
# trivy repo --format json --output repo.test --security-checks=secret https://github.com/krol3/demo-trivy/
|
|
./entrypoint.sh '-b json' '-h repo.test' '-s secret' '-a repo' '-j https://github.com/krol3/demo-trivy/'
|
|
result="$(diff ./test/data/repo.test repo.test)"
|
|
[ "$result" == '' ]
|
|
}
|
|
|
|
@test "trivy image with trivyIgnores option" {
|
|
# cat ./test/data/.trivyignore1 ./test/data/.trivyignore2 > ./trivyignores ; trivy image --severity CRITICAL --format json --output image-trivyignores.test --ignorefile ./trivyignores knqyf263/vuln-image:1.2.3
|
|
./entrypoint.sh '-a image' '-i knqyf263/vuln-image:1.2.3' '-b json' '-h image-trivyignores.test' '-g CRITICAL' '-t ./test/data/.trivyignore1,./test/data/.trivyignore2'
|
|
result="$(diff ./test/data/image-trivyignores.test image-trivyignores.test)"
|
|
[ "$result" == '' ]
|
|
}
|