stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
c786faae84af5a2c5ee881349d042e8f85b50783
git.stella-ops.org/devops/tools/export-scripts/trivy-compat.sh
StellaOps Bot c786faae84 CD/CD consolidation
2025-12-26 18:11:06 +02:00

25 lines
741 B
Bash
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
# DEVOPS-EXPORT-36-001: Trivy compatibility & signing checks
IMAGE=${IMAGE:-"ghcr.io/stella-ops/exporter:edge"}
OUT="out/export-compat"
mkdir -p "$OUT"
echo "[export-compat] pulling image $IMAGE"
docker pull "$IMAGE"
echo "[export-compat] running trivy image --severity HIGH,CRITICAL"
trivy image --severity HIGH,CRITICAL --quiet "$IMAGE" > "$OUT/trivy.txt" || true
echo "[export-compat] verifying cosign signature if present"
if command -v cosign >/dev/null 2>&1; then
cosign verify "$IMAGE" > "$OUT/cosign.txt" || true
fi
echo "[export-compat] trivy module db import smoke"
trivy module db import --file "$OUT/trivy-module.db" 2>/dev/null || true
echo "[export-compat] done; outputs in $OUT"
Reference in New Issue View Git Blame Copy Permalink