pleibling/security-automation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

playbooks/trivy_docker_scan.yml aktualisiert

Browse Source
This commit is contained in:
pleibling 2025-12-30 18:46:52 +00:00
parent b2d9ea5aae
commit a8ad9ce70e
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
playbooks/trivy_docker_scan.yml
View File

@ -3,12 +3,15 @@
hosts: docker_nodes hosts: docker_nodes
become: yes become: yes
tasks: tasks:
- name: Sicherstellen, dass Trivy installiert ist (Ubuntu) - name: Sicherstellen, dass Trivy installiert ist (Ubuntu Noble)
ansible.builtin.shell: | ansible.builtin.shell: |
if ! command -v trivy &> /dev/null; then if ! command -v trivy &> /dev/null; then
apt-get update
apt-get install -y wget apt-transport-https gnupg lsb-release apt-get install -y wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/dabest.gpg | gpg --dearmor -o /usr/share/keyrings/trivy.gpg # Korrekter GPG Key Download
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor -o /usr/share/keyrings/trivy.gpg
# Repository hinzufügen
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/trivy.list
apt-get update apt-get update
apt-get install -y trivy apt-get install -y trivy
fi fi
@ -21,7 +24,7 @@
register: scan_output register: scan_output
- name: Zeige Scan-Zusammenfassung im Log - name: Zeige Scan-Zusammenfassung im Log
ansible.builtin.command: ansible.builtin.shell:
cmd: trivy image --severity HIGH,CRITICAL nginx:latest cmd: trivy image --severity HIGH,CRITICAL nginx:latest
register: trivy_summary register: trivy_summary