Clair JSON report artifact path about circleci-orbs HOT 8 CLOSED

This has been published as ovotech/[email protected].

from circleci-orbs.

It works for me. Do you have a circleci config and logs you can share?

from circleci-orbs.

Hi, we're not doing to much fancy, but we are using a private repository.

jobs:
  container_vulnerability_scan:
    executor: clair/default
    steps:
      - checkout
      - attach_workspace:
          at: .
      - run: *gcp-docker-login
      - clair/scan:
          image_file: "./gcr.image.version"

where the ./gcr.image.version contains the full /<repo>/<project>/<repo>:<tag>. The default file path is really not a path that would normally be available in a normal linux installation - where does the report go in your testing?

from circleci-orbs.

The report gets stored as a circleci artifact. Do you also need to read it from the filesystem?

from circleci-orbs.

I have made a change so clair reports will be saved at /clair-reports/<image_name>.json inside the build container (They will also be uploaded as circleci artifacts at the same path).
The image name includes any custom registry, e.g. /clair-reports/361339499037.dkr.ecr.eu-west-1.amazonaws.com/pe-orbs:latest.

Can you test if this works for your use case using orb version ovotech/clair-scanner@dev:report-path-fix?

from circleci-orbs.

@danielflookovo it now works. We would be okey with a static filename, probably we'd just parse and post the result to slack or something like that. Would it be possible to support the input parameter though, with the current functionality as the default?

from circleci-orbs.

The specified image_file can have multiple images listed, each with a separate report. A static filename doesn't make much sense there.

from circleci-orbs.

@danielflookovo ok, I see your point.

from circleci-orbs.