cue modules: move stdlib to pkg/alpha.dagger.io
In preparation for Europa, we will vendor multiple CUE modules: - `pkg/alpha.dagger.io`: legacy non-europa packages - `pkg/dagger.io`: core Europa packages - `pkg/universe.dagger.io`: Europa universe Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
This commit is contained in:
Andrea Luzzardi
64
pkg/alpha.dagger.io/trivy/image.cue
Normal file
64
pkg/alpha.dagger.io/trivy/image.cue
Normal file
@@ -0,0 +1,64 @@
|
||||
package trivy
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
|
||||
"alpha.dagger.io/os"
|
||||
)
|
||||
|
||||
// Scan an Image
|
||||
#Image: {
|
||||
// Trivy configuration
|
||||
config: #Config
|
||||
|
||||
// Image source (AWS, GCP, Docker Hub, Self hosted)
|
||||
source: string
|
||||
|
||||
// Trivy Image arguments
|
||||
args: [arg=string]: string
|
||||
// Enforce args best practices
|
||||
args: {
|
||||
"--severity": *"HIGH,CRITICAL" | string
|
||||
"--exit-code": *"1" | string
|
||||
"--ignore-unfixed": *"" | string
|
||||
"--format": *"table" | string
|
||||
"--output": *"output" | string
|
||||
}
|
||||
|
||||
ctr: os.#Container & {
|
||||
image: #CLI & {
|
||||
"config": config
|
||||
}
|
||||
shell: {
|
||||
path: "/bin/bash"
|
||||
args: ["--noprofile", "--norc", "-eo", "pipefail", "-c"]
|
||||
}
|
||||
always: true
|
||||
command: #"""
|
||||
trivyArgs="$(
|
||||
echo "$ARGS" |
|
||||
jq -c '
|
||||
to_entries |
|
||||
map(.key + " " + (.value | tostring) + " ") |
|
||||
add
|
||||
')"
|
||||
|
||||
# Remove suffix and prefix quotes if present
|
||||
trivyArgs="${trivyArgs#\"}"
|
||||
trivyArgs="${trivyArgs%\"}"
|
||||
|
||||
trivy image $trivyArgs "$SOURCE"
|
||||
echo -n "$SOURCE" > /ref
|
||||
"""#
|
||||
env: ARGS: json.Marshal(args)
|
||||
env: SOURCE: source
|
||||
}
|
||||
|
||||
// Reference analyzed
|
||||
ref: {
|
||||
os.#File & {
|
||||
from: ctr
|
||||
path: "/ref"
|
||||
}
|
||||
}.contents @dagger(output)
|
||||
}
|
||||
Reference in New Issue
Block a user