Feat(Trivy-chaos-exporter): Adding trivy check to the travis pipeline (…

…#49) * Adding trivy check to the travis pipeline Signed-off-by: Raj <[email protected]>
litmuschaos · Mar 26, 2020 · 3b3726e · 3b3726e
1 parent 039849b
commit 3b3726e
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 41 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -32,17 +32,24 @@ before_script:
   - "sudo chown -R travis: /home/travis/.minikube/"
   # Wait for Kubernetes to be up and ready.
   - JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}'; until kubectl get nodes -o jsonpath="$JSONPATH" 2>&1 | grep -q "Ready=True"; do sleep 1; done
+  # Installing Trivy Deps
+  - sudo apt-get install wget apt-transport-https gnupg lsb-release
+  - wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+  - echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+  - sudo apt-get update
+  - sudo apt-get install trivy
 
 script:
-  # Installing Go Dependencies
-  - make godeps
-  # bdd testing dependencies - ginkgo and gomega
-  - make bdddeps
-  # Running all go tests
+  # Installing and configuring dependencies
+  - make deps
+  # Test
   - make test
   # Build
   - make build
+  # Running Security check
+  - make security-checks
+
 
 after_success:
   - sudo minikube delete
-  - make dockerops
+  - make push
diff --git a/Makefile b/Makefile
@@ -7,7 +7,7 @@ HOME = $(shell echo $$HOME)
 PACKAGES = $(shell go list ./... | grep -v '/vendor/')
 
 .PHONY: all
-all: format lint build test dockerops 
+all: format lint deps build test security-checks push 
 
 .PHONY: help
 help:
@@ -16,25 +16,6 @@ help:
 	@echo "\tmake all   -- [default] builds the chaos exporter container"
 	@echo ""
 
-.PHONY: godeps
-godeps:
-	@echo ""
-	@echo "INFO:\tverifying dependencies for chaos exporter build ..."
-	@go get -u -v golang.org/x/lint/golint
-	@go get -u -v golang.org/x/tools/cmd/goimports
-	@go get -u -v github.com/golang/dep/cmd/dep
-
-_build_check_docker:
-	@if [ $(IS_DOCKER_INSTALLED) -eq 1 ]; \
-		then echo "" \
-		&& echo "ERROR:\tdocker is not installed. Please install it before build." \
-		&& echo "" \
-		&& exit 1; \
-		fi;
-
-.PHONY: deps
-deps: _build_check_docker godeps
-
 .PHONY: format
 format:
 	@echo "------------------"
@@ -53,36 +34,73 @@ lint:
 	@echo "------------------"
 	@go vet $(PACKAGES)
 
+.PHONY: deps
+deps: _build_check_docker godeps bdddeps
+
+_build_check_docker:
+	@if [ $(IS_DOCKER_INSTALLED) -eq 1 ]; \
+		then echo "" \
+		&& echo "ERROR:\tdocker is not installed. Please install it before build." \
+		&& echo "" \
+		&& exit 1; \
+		fi;
+
+godeps:
+	@echo ""
+	@echo "INFO:\tverifying dependencies for chaos exporter build ..."
+	@go get -u -v golang.org/x/lint/golint
+	@go get -u -v golang.org/x/tools/cmd/goimports
+	@go get -u -v github.com/golang/dep/cmd/dep
+
+.PHONY: bdddeps
+bdddeps:
+	@echo "------------------"
+	@echo "bdd test dependencies"
+	@echo "INFO:\tverifying dependencies for bdddeps ..."
+	@echo "------------------"
+	@go get -u github.com/onsi/ginkgo
+	@go get -u github.com/onsi/gomega 
+	kubectl create -f https://raw.githubusercontent.com/litmuschaos/chaos-operator/master/deploy/chaos_crds.yaml
+	kubectl create ns litmus
+
 .PHONY: build  
-build:
+build: go-build docker-build
+
+go-build:
 	@echo "------------------"
 	@echo "--> Build Chaos Exporter"
 	@echo "------------------"
 	@go build ./cmd/exporter 
 
+docker-build: 
+	@echo "------------------"
+	@echo "--> Build chaos-exporter image" 
+	@echo "------------------"
+	# Dockerfile available in the repo root
+	sudo docker build . -f Dockerfile -t litmuschaos/chaos-exporter:ci
+
 .PHONY: test
 test:
 	@echo "------------------"
 	@echo "--> Run Go Test"
 	@echo "------------------"
 	@go test ./... -v -count=1
 
-.PHONY: dockerops
-dockerops: 
+.PHONY: security-checks
+security-checks: trivy-security-check
+
+trivy-security-check:
 	@echo "------------------"
-	@echo "--> Build chaos-exporter image" 
+	@echo "--> Trivy Security Check"
 	@echo "------------------"
-	# Dockerfile available in the repo root
-	sudo docker build . -f Dockerfile -t litmuschaos/chaos-exporter:ci  
-	REPONAME="litmuschaos" IMGNAME="chaos-exporter" IMGTAG="ci" ./buildscripts/push
+	trivy --exit-code 0 --severity HIGH --no-progress litmuschaos/chaos-exporter:ci
+	trivy --exit-code 1 --severity CRITICAL --no-progress litmuschaos/chaos-exporter:ci
 
-.PHONY: bdddeps
-bdddeps:
+.PHONY: push
+push: docker-Push
+
+docker-push:
 	@echo "------------------"
-	@echo "bdd test dependencies"
-	@echo "INFO:\tverifying dependencies for bdddeps ..."
+	@echo "--> Push chaos-exporter image" 
 	@echo "------------------"
-	@go get -u github.com/onsi/ginkgo
-	@go get -u github.com/onsi/gomega 
-	kubectl create -f https://raw.githubusercontent.com/litmuschaos/chaos-operator/master/deploy/chaos_crds.yaml
-	kubectl create ns litmus
+	REPONAME="litmuschaos" IMGNAME="chaos-exporter" IMGTAG="ci" ./buildscripts/push