Updated multi arch docker image value for trivy, syft, grype task and fixed lint failures

2024-11-21 05:55:35 +00:00 · 2023-07-20 11:25:24 +00:00 · 2023-07-20 11:25:24 +00:00 · 817610f914
commit 817610f914
parent e381c2c03c
3 changed files with 13 additions and 13 deletions
--- a/task/grype/0.1/grype.yaml
+++ b/task/grype/0.1/grype.yaml
@ -10,7 +10,7 @@ metadata:
    tekton.dev/categories: Security
    tekton.dev/tags: CLI, grype
    tekton.dev/displayName: "grype"
-    tekton.dev/platforms: "linux/amd64,linux/arm64"
+    tekton.dev/platforms: "linux/amd64,linux/arm64,linux/ppc64le,linux/390x"
 spec:
  description: >-
    A vulnerability scanner for container images and filesystems.
@ -23,7 +23,7 @@ spec:
      description: The Arguments to be passed to Grype command.
      type: array
    - name: GRYPE_IMAGE
-      default: docker.io/anchore/grype@sha256:40c41e43eff0eb979375ea705f0cf5f6f698941099f63c890c3eb90b6ef72db5 # v0.47.0
+      default: docker.io/anchore/grype@sha256:06d97d03bded18b392e08177a84f3436376d18b6c22fd8fde45c2f38f04fd6ed  # v0.64.2
      description: Grype image to be used
      type: string
  steps:
--- a/task/syft/0.1/syft.yaml
+++ b/task/syft/0.1/syft.yaml
@ -10,7 +10,7 @@ metadata:
    tekton.dev/categories: Security
    tekton.dev/tags: CLI, syft
    tekton.dev/displayName: syft
-    tekton.dev/platforms: "linux/amd64,linux/arm64"
+    tekton.dev/platforms: "linux/amd64,linux/arm64,linux/ppc64le,linux/390x"
 spec:
  description: >-
   CLI tool and library for generating a Software Bill of Materials from container images and filesystems
@ -22,7 +22,7 @@ spec:
      description: The Arguments to be passed to Syft command.
      type: array
    - name: SYFT_IMAGE
-      default: docker.io/anchore/syft@sha256:42ede68d8a8762e42715692221a212cba262ce3a252ed962abf3d44ce3e68a52 # v0.55.0
+      default: docker.io/anchore/syft@sha256:dd40bc09ff2bf3b860c399e7cf5c2db088e84c85937ac05fdeca3cd88fe2a728  # v0.85.0
      description: Syft image to be used
      type: string
  steps:
--- a/task/trivy-scanner/0.2/trivy-scanner.yaml
+++ b/task/trivy-scanner/0.2/trivy-scanner.yaml
@ -10,7 +10,7 @@ metadata:
    tekton.dev/categories: Security
    tekton.dev/tags: CLI, trivy
    tekton.dev/displayName: "trivy scanner"
-    tekton.dev/platforms: "linux/amd64"
+    tekton.dev/platforms: "linux/amd64,linux/arm64,linux/ppc64le,linux/390x"
 spec:
  description: >-
    Trivy is a simple and comprehensive scanner for
@ -26,7 +26,7 @@ spec:
      description: The Arguments to be passed to Trivy command.
      type: array
    - name: TRIVY_IMAGE
-      default: docker.io/aquasec/trivy@sha256:dea76d4b50c75125cada676a87ac23de2b7ba4374752c6f908253c3b839201d9
+      default: docker.io/aquasec/trivy@sha256:944a044451791617cc0ed2ee4d1942a4f66b790d527fcd0575a6b399ccbc05a1  # 0.43.1
      description: Trivy scanner image to be used
    - name: IMAGE_PATH
      description: Image or Path to be scanned by trivy.
@ -45,14 +45,14 @@ spec:
          if [ "$(params.AIR_GAPPED_ENABLED)" = "true" ]; then
            echo "Air-Gapped mode enabled"
            TRIVY_TEMP_DIR=$(mktemp -d)
-            trivy --cache-dir $TRIVY_TEMP_DIR image --download-db-only
-            tar -cf ./db.tar.gz -C $TRIVY_TEMP_DIR/db metadata.json trivy.db
-            rm -rf $TRIVY_TEMP_DIR
-            mkdir -p $HOME/.cache/trivy/db
-            tar xvf ./db.tar.gz -C $HOME/.cache/trivy/db
-            cmd+="--skip-update "
+            trivy --cache-dir "$TRIVY_TEMP_DIR" image --download-db-only
+            tar -cf ./db.tar.gz -C "$TRIVY_TEMP_DIR/db" metadata.json trivy.db
+            rm -rf "$TRIVY_TEMP_DIR"
+            mkdir -p "$HOME"/.cache/trivy/db
+            tar xvf ./db.tar.gz -C "$HOME"/.cache/trivy/db
+            cmd="${cmd}--skip-update "
          fi
-          cmd+="$(params.IMAGE_PATH)"
+          cmd="${cmd}$(params.IMAGE_PATH)"
          echo "Running trivy task with command below"
          echo "$cmd"
          eval "$cmd"