Skip to content

Commit

Permalink
tools: tests: add trivy vunerability scanner (make scan_trivy)
Browse files Browse the repository at this point in the history
  • Loading branch information
nodiscc committed Jul 25, 2023
1 parent 2fb6bb9 commit fca5fab
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 13 deletions.
25 changes: 14 additions & 11 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,11 +1,14 @@
.venv/
hecat.egg-info/
dist/
build/
tests/audio
tests/video
tests/shaarli.yml
tests/html-table
tests/awesome-selfhosted
tests/awesome-selfhosted-data
tests/awesome-selfhosted-html
/.venv/
/hecat.egg-info/
/dist/
/build/
/tests/audio
/tests/video
/tests/shaarli.yml
/tests/html-table
/tests/awesome-selfhosted
/tests/awesome-selfhosted-data
/tests/awesome-selfhosted-html
/tests/requirements.txt
/trivy
/trivy_0.43.0_Linux-64bit.tar.gz
13 changes: 11 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ help:

.PHONY: clean # clean files generated by make install/test_run
clean:
-rm -rf build/ dist/ hecat.egg-info/ tests/awesome-selfhosted tests/awesome-selfhosted-data tests/audio/ tests/video/ tests/shaarli.yml tests/html-table hecat.log tests/awesome-selfhosted-html
-rm -rf build/ dist/ hecat.egg-info/ tests/awesome-selfhosted tests/awesome-selfhosted-data tests/audio/ tests/video/ tests/shaarli.yml tests/html-table hecat.log tests/awesome-selfhosted-html tests/requirements.txt trivy trivy_*_Linux-64bit.tar.gz

# do not install sphinx from setup.py/install_requires, workaround for https://github.com/sphinx-doc/sphinx/issues/11130
.PHONY: install # install in a virtualenv
Expand All @@ -20,7 +20,7 @@ install:
##### TESTS #####

.PHONY: test # run tests
test: test_pylint clean test_import_shaarli test_download_video test_download_audio test_export_html_table clone_awesome_selfhosted test_import_awesome_selfhosted test_process_awesome_selfhosted test_awesome_lint test_export_awesome_selfhosted_md test_export_awesome_selfhosted_html
test: test_pylint clean test_import_shaarli test_download_video test_download_audio test_export_html_table clone_awesome_selfhosted test_import_awesome_selfhosted test_process_awesome_selfhosted test_awesome_lint test_export_awesome_selfhosted_md test_export_awesome_selfhosted_html scan_trivy

.PHONY: test_short # run tests except those that consume github API requests/long URL checks
test_short: test_pylint clean test_import_shaarli test_download_video test_download_audio test_export_html_table clone_awesome_selfhosted test_awesome_lint test_export_awesome_selfhosted_md test_export_awesome_selfhosted_html
Expand Down Expand Up @@ -104,3 +104,12 @@ test_export_html_table: test_import_shaarli install
mkdir -p tests/html-table
source .venv/bin/activate && \
hecat --config tests/.hecat.export_html_table.yml

TRIVY_VERSION=0.43.0
TRIVY_EXIT_CODE=1
.PHONY: scan_trivy # run trivy vulnerability scanner
scan_trivy:
source .venv/bin/activate && pip3 freeze --local > tests/requirements.txt
wget --quiet --continue -O trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz https://github.com/aquasecurity/trivy/releases/download/v$(TRIVY_VERSION)/trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz
tar -z -x trivy -f trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz
./trivy --exit-code $(TRIVY_EXIT_CODE) fs tests/requirements.txt

0 comments on commit fca5fab

Please sign in to comment.