Merge branch 'update-trivy' into 'master'

Update trivy See merge request !24

Merge branch 'update-trivy' into 'master'
7e18938a · Jeremy M Fee · 36f1b9cb · ed79c061 · 7e18938a · 7e18938a
Commit 7e18938a authored 4 years ago by Jeremy M Fee
--- a/.dockerignore
+++ b/.dockerignore
 .coverage
 .DS_Store
 .git
+.pytest_cache
+coverage.xml
 node_modules
+test
 *.pyc
-coverage.xml
\ No newline at end of file
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -167,7 +167,7 @@ Scan Docker Image:
    - tags@ghsc/geomag/geomag-algorithms
  script:
    # install trivy
-    - apk add --update-cache --upgrade curl rpm
+    - apk add --update-cache --upgrade curl grep rpm sed
    - VERSION=$(
      curl --silent "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | \
      grep '"tag_name":' | \
@@ -176,7 +176,7 @@ Scan Docker Image:
    - wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz
    - tar zxvf trivy_${VERSION}_Linux-64bit.tar.gz
    # run trivy
-    - trivy --exit-code 0 --no-progress ${INTERNAL_IMAGE}
+    - ./trivy --exit-code 0 --no-progress ${INTERNAL_IMAGE}
  services:
    - docker:19.03-dind
  stage: scan

--- a/Pipfile
+++ b/Pipfile
@@ -4,10 +4,12 @@ url = "https://pypi.org/simple"
 verify_ssl = true
 [dev-packages]
+bandit = "*"
 black = "==20.8b1"
 pre-commit = "*"
 pytest = "*"
 pytest-cov = "*"
+safety = "*"
 webtest = "*"
 [packages]

--- a/Pipfile.lock
+++ b/Pipfile.lock
--- a/scripts/ci_check_code.sh
+++ b/scripts/ci_check_code.sh
@@ -17,3 +17,4 @@ pipenv --site-packages install --dev --pre --skip-lock
 # Run Code Checks
 pipenv run black --check .
 pipenv run pytest --cov-report xml:cov.xml --cov=geomagio
+pipenv run safety check