fix(ch07s11): Checking a deternimistic security vulnerability (#52)

RedHatTraining · Jul 20, 2021 · 4634eec · 4634eec
1 parent 5b29944
commit 4634eec
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/calculator-monolith/kubefiles/security-scan-template.yml b/calculator-monolith/kubefiles/security-scan-template.yml
@@ -25,7 +25,8 @@ objects:
                 - >-
                   cd /tmp &&
                   curl -sL https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_RELEASE}/trivy_${TRIVY_RELEASE}_Linux-64bit.tar.gz -o - | tar -zxf - &&
-                  ./trivy fs --cache-dir /tmp/.cache --exit-code 1 --severity HIGH,CRITICAL --no-progress --ignore-unfixed /
+                  { ./trivy fs --cache-dir /tmp/.cache --severity HIGH,CRITICAL --no-progress --ignore-unfixed / | grep ${CVE_CODE} ;
+                  ./trivy fs --cache-dir /tmp/.cache --severity HIGH,CRITICAL --no-progress --ignore-unfixed / | grep ${CVE_CODE}  | wc -l | xargs -I % sh -c 'test % -eq 0' ; }
           restartPolicy: Never
 
 parameters:
@@ -42,3 +43,7 @@ parameters:
     description: "Trivy Release Version"
     required: false
     value: "0.14.0"
+  - name: CVE_CODE
+    description: "CVE Code"
+    required: false
+    value: "CVE-2021-23840"