tc-scanner 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -25
- package/bin/cli.js +1 -1
- package/package.json +1 -1
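--- a/package/README.md
+++ b/package/README.md
@@ -4,7 +4,7 @@ A CI security scanner for Dockerfiles, container images, dependencies, and secre
 
 ## Requirements
 
-**Docker is required.** The scanner runs Trivy inside a container, so no additional installation is needed. All major CI platforms (Bitbucket Pipelines, GitHub Actions, GitLab CI
+**Docker is required.** The scanner runs Trivy inside a container, so no additional installation is needed. All major CI platforms (Bitbucket Pipelines, GitHub Actions, GitLab CI) have Docker available by default.
 
 ## Installation
 
@@ -190,6 +190,8 @@ pipelines:
 script:
 - npx tc-scanner scan ./Dockerfile --severity HIGH
 - npx tc-scanner deps . --severity HIGH
+# Send results to Slack or custom webhook
+- npx tc-scanner scan ./Dockerfile --webhook $SECURITY_WEBHOOK_URL --exit-code 0
 
 pull-requests:
 '**':
@@ -202,6 +204,8 @@ pipelines:
 - npx tc-scanner secrets ./src
 ```
 
+> **Note:** Add `SECURITY_WEBHOOK_URL` as a repository variable in Bitbucket settings for webhook notifications.
+
 ### GitHub Actions
 
 ```yaml
@@ -244,30 +248,6 @@ security-scan:
 when: always
 ```
 
-### CircleCI
-
-```yaml
-version: 2.1
-
-jobs:
-security-scan:
-docker:
-- image: cimg/node:20.0
-steps:
-- checkout
-- setup_remote_docker
-- run:
-name: Security Scan
-command: |
-npx tc-scanner scan ./Dockerfile --severity HIGH
-npx tc-scanner deps . --severity HIGH
-
-workflows:
-main:
-jobs:
-- security-scan
-```
-
 ## Exit Codes
 
 | Code | Meaning |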
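--- a/package/bin/cli.js
+++ b/package/bin/cli.js
@@ -6,7 +6,7 @@ import { scanDockerfile, scanImage, scanFilesystem, sendWebhook } from '../src/s
 const main = defineCommand({
 meta: {
 name: 'tc-scan',
-version: '0.1.
+version: '0.1.2',
 description: 'CI security scanner for Dockerfiles, images, dependencies, and secrets.\n\nRequires Docker. Powered by Trivy.',
 },
 subCommands: {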