Amazon Linux 2023 Container Scan with Trivy [2023-04-12]

Started by user letslearntogether.info
Obtained Jenkinsfile.trivy-amazon from git https://github.com/ffturan/practice.git/
Resume disabled by user, switching to high-performance, low-durability mode.
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in /var/lib/jenkins/workspace/trivy-amazon-linux
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Declarative: Checkout SCM)
[Pipeline] checkout
The recommended git tool is: NONE
using credential ed599e1d-a641-4f7d-a333-9308281bd4d8
 > git rev-parse --resolve-git-dir /var/lib/jenkins/workspace/trivy-amazon-linux/.git # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/ffturan/practice.git/ # timeout=10
Fetching upstream changes from https://github.com/ffturan/practice.git/
 > git --version # timeout=10
 > git --version # 'git version 2.39.2'
using GIT_ASKPASS to set credentials 
 > git fetch --tags --force --progress -- https://github.com/ffturan/practice.git/ +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git rev-parse refs/remotes/origin/main^{commit} # timeout=10
Checking out Revision 38c15d28e725d72020632e8b0e800208b6a9d3aa (refs/remotes/origin/main)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 38c15d28e725d72020632e8b0e800208b6a9d3aa # timeout=10
Commit message: "Update"
 > git rev-list --no-walk a27e775456967a0f9c8428b7b25c3c8e6d447bdc # timeout=10
[Pipeline] }
[Pipeline] // stage
[Pipeline] withEnv
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Build Container)
[Pipeline] echo
Building container !!
[Pipeline] sh
+ cat Dockerfile.amazon
FROM public.ecr.aws/amazonlinux/amazonlinux:latest

RUN yum -y update
[Pipeline] sh
+ docker build -t amazon:scan -f Dockerfile.amazon .
#1 [internal] load .dockerignore
#1 transferring context: 2B 0.0s done
#1 DONE 0.1s

#2 [internal] load build definition from Dockerfile.amazon
#2 transferring dockerfile: 166B 0.0s done
#2 DONE 0.2s

#3 [internal] load metadata for public.ecr.aws/amazonlinux/amazonlinux:latest
#3 DONE 0.5s

#4 [1/2] FROM public.ecr.aws/amazonlinux/amazonlinux:latest@sha256:1241d87a424c299c6cccc4528504c80bf02923529628edd94ea6fb0ab01030e1
#4 DONE 0.0s

#5 [2/2] RUN yum -y update
#5 CACHED

#6 exporting to image
#6 exporting layers done
#6 writing image sha256:1e3b42d01d74293c5eeca56149627b1fd657fb5fea8d2733d76d22062d9ed597 0.0s done
#6 naming to docker.io/library/amazon:scan done
#6 DONE 0.0s
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Test Container with Trivy)
[Pipeline] sh
+ trivy image amazon:scan
2023-04-12T09:28:59.420-0400	INFO	Vulnerability scanning is enabled
2023-04-12T09:28:59.420-0400	INFO	Secret scanning is enabled
2023-04-12T09:28:59.420-0400	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2023-04-12T09:28:59.420-0400	INFO	Please see also https://aquasecurity.github.io/trivy/v0.34/docs/secret/scanning/#recommendation for faster secret detection
2023-04-12T09:28:59.470-0400	INFO	Detected OS: amazon
2023-04-12T09:28:59.470-0400	INFO	Detecting Amazon Linux vulnerabilities...
2023-04-12T09:28:59.505-0400	INFO	Number of language-specific files: 0

amazon:scan (amazon 2023 (Amazon Linux))
========================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (CleanUp)
[Pipeline] sh
++ grep -v CONTAINER
++ gawk '{print $1}'
++ docker ps --all
++ docker images --all
++ gawk '{print $3}'
++ grep -v IMAGE
+ for C in $(docker images --all | gawk {'print $3'} | grep -v IMAGE)
+ docker rmi -f 1e3b42d01d74
Untagged: amazon:scan
Deleted: sha256:1e3b42d01d74293c5eeca56149627b1fd657fb5fea8d2733d76d22062d9ed597
+ docker ps --all
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
+ docker images --all
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS