-
Notifications
You must be signed in to change notification settings - Fork 191
/
violation_scan_helm.yaml
45 lines (39 loc) · 1.38 KB
/
violation_scan_helm.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
substitutions:
_IMAGE: us-docker.pkg.dev/k8ssecurityvalidation-agent/k8ssecurityvalidation-agent/k8ssecurityvalidation-agent@sha256:7eaedb4153841b814e6b5367e63214318cb3318f902427b9214474e1256d0b37
steps:
- name: 'ubuntu'
id: 'Copy Folder Locally'
entrypoint: 'bash'
args:
- '-c'
- |
mkdir -p security_test/scan_target/ && find . -mindepth 1 -maxdepth 1 -type d ! -name "security_test" -exec cp -r {} security_test/scan_target/ \;
- name: 'ubuntu'
id: 'Copy metadata'
entrypoint: 'bash'
args:
- '-c'
- |
mkdir -p /workspace/security_test/scan_target
# Exclude /workspace/security_test from the copy to avoid recursive issue
find . -mindepth 1 -maxdepth 1 ! -path "./security_test" -exec cp -r {} /workspace/security_test/scan_target/ \;
chown -R 65532:65532 /workspace/security_test/scan_target
- name: 'gcr.io/cloud-builders/docker'
id: 'Run Docker Image'
args:
- 'run'
- '--network=cloudbuild'
- '--rm'
- '-v'
- '/workspace/security_test/allowlist:/workspace/security_test/allowlist'
- '-v'
- '/workspace/security_test/scan_target:/workspace/security_test/scan_target'
- '${_IMAGE}'
- '--mode=helm'
- '--allowlist_folder=/workspace/security_test/allowlist'
- '--scan_path=/workspace/security_test/scan_target'
- '--max_wait_duration=60'
# Fail the build if there are any violations
timeout: '12000s'
options:
logging: CLOUD_LOGGING_ONLY