forked from rcarrata/devsecops-demo
task-rox-image-check.yaml.j2
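# Tekton ClusterTask that downloads the roxctl CLI from StackRox Central and
# runs `roxctl image check` against an image referenced by name and digest.
apiVersion: tekton.dev/v1beta1
kind: ClusterTask
metadata:
  name: rox-image-check
spec:
  params:
    # The first two params are Secret *names*: each is used as the
    # secretKeyRef name in the step's env below.
    - name: rox_central_endpoint
      type: string
      description: >-
        Secret containing the address:port tuple for StackRox Central (example -
        rox.stackrox.io:443)
    - name: rox_api_token
      type: string
      description: Secret containing the StackRox API token with CI permissions
    - name: image
      type: string
      description: 'Full name of image to scan (example -- gcr.io/rox/sample:5.0-rc1)'
    - name: image_digest
      type: string
      description: Digest in sha256 hash format of the image to check
  results:
    # NOTE(review): no command in the step script writes to this result's
    # path, so it appears to stay empty. Confirm whether the roxctl output
    # should be captured here (Tekton results are size-limited).
    - name: check_output
      description: Output of `roxctl image check`
  steps:
    - name: rox-image-check
      # NOTE(review): `latest` is a mutable tag, so the step image can change
      # between runs without any change to this task. Pin it by digest
      # (placeholder: ubi-minimal@sha256:<digest>) once a vetted one is chosen.
      image: registry.access.redhat.com/ubi8/ubi-minimal:latest
      resources: {}
      env:
        - name: ROX_API_TOKEN
          valueFrom:
            secretKeyRef:
              name: $(params.rox_api_token)
              key: rox_api_token
        - name: ROX_CENTRAL_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.rox_central_endpoint)
              key: rox_central_endpoint
        # Tekton substitutes params into `script` as raw text before the shell
        # parses it, so a param value containing shell metacharacters would be
        # executed as code. Passing the values through the environment and
        # quoting them in the script keeps them as data.
        - name: PARAM_IMAGE
          value: '$(params.image)'
        - name: PARAM_IMAGE_DIGEST
          value: '$(params.image_digest)'
      # Literal block (`|-`) keeps one shell command per line without relying
      # on blank lines inside a folded scalar.
      #
      # `set +x` keeps shell tracing off so the bearer token is not echoed into
      # the step log. `set -e` and `curl --fail` stop the step when the
      # download fails instead of saving an HTTP error body as ./roxctl and
      # trying to execute it.
      #
      # NOTE(review): `curl -k` and `--insecure-skip-tls-verify` disable
      # certificate verification for Central. The API token is sent, and an
      # executable is downloaded and run, over a connection whose peer is not
      # authenticated. Where Central's CA bundle is available, mount it and use
      # `curl --cacert` / `roxctl --ca` instead. The flags are kept because how
      # Central's certificate is issued is not visible from this file.
      script: |-
        #!/usr/bin/env bash
        set +x
        set -e
        echo "Getting roxctl"
        curl -k -L --fail -H "Authorization: Bearer ${ROX_API_TOKEN}" \
          "https://${ROX_CENTRAL_ENDPOINT}/api/cli/download/roxctl-linux" \
          --output ./roxctl
        chmod +x ./roxctl
        ./roxctl image check --insecure-skip-tls-verify \
          -e "${ROX_CENTRAL_ENDPOINT}" \
          --image "${PARAM_IMAGE}@${PARAM_IMAGE_DIGEST}"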