Hi,
I am testing reports in AWS CodeBuild, and I can't understand why the report is always in "Incomplete" status.
Buildspec:
    version: 0.2
    phases:
      install:
        runtime-versions:
          docker: 20
      pre_build:
        commands:
          - echo "Installing Trivy..."
          - rpm -ivh https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.rpm
      build:
        commands:
          - echo "Scanning Docker image for vulnerabilities..."
          - trivy image -f json -o trivy_results.json nginx
    reports:
      trivy-scan:
        files:
          - 'trivy_results.json'
        base-directory: '/'
        discard-paths: no
Report status:
I checked, and the permissions are fine:
    "Effect": "Allow",
    "Action": [
        "codebuild:CreateReportGroup",
        "codebuild:CreateReport",
        "codebuild:UpdateReport",
        "codebuild:BatchPutTestCases",
        "codebuild:BatchPutCodeCoverages"
    ],
The other thing: I was looking at the file-format section and wondered, is it possible to read Trivy reports in CodeBuild? https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec.reports
The following file formats are supported. The file-format defaults to JUNITXML. https://docs.aws.amazon.com/codebuild/latest/userguide/test-reporting.html
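
Added example, not part of the original post: since the documentation quoted above says the file-format defaults to JUNITXML, one way to get Trivy findings into a CodeBuild report is to convert the JSON output to JUnit XML first. The function name `trivy_to_junit`, the `fail_on` severity threshold and the sample findings are assumptions constructed for illustration; both the top-level-list JSON layout of older Trivy releases and the newer `Results` wrapper are handled.

```python
import json
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the older Trivy JSON layout (top-level list of results).
SAMPLE = json.dumps([
    {"Target": "nginx (debian 10.9)", "Type": "debian", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
         "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2",
         "Severity": "HIGH", "Title": "constructed finding"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
         "InstalledVersion": "2.3", "Severity": "LOW"}]},
    {"Target": "app/package-lock.json", "Type": "npm", "Vulnerabilities": None},
])

def trivy_to_junit(trivy_json, fail_on=("HIGH", "CRITICAL")):
    """Return JUnit XML: one <testsuite> per target, one <testcase> per finding.

    Findings whose severity is in fail_on become failed cases; the rest pass.
    """
    data = json.loads(trivy_json)
    # Newer Trivy releases wrap the list in an object with a "Results" key.
    results = (data.get("Results") or []) if isinstance(data, dict) else data
    root = ET.Element("testsuites")
    for res in results:
        vulns = res.get("Vulnerabilities") or []  # null when the target is clean
        failures = sum(1 for v in vulns if v.get("Severity") in fail_on)
        suite = ET.SubElement(root, "testsuite", name=res.get("Target", "unknown"),
                              tests=str(max(len(vulns), 1)), failures=str(failures))
        if not vulns:
            # Emit one passing case so a clean target still appears in the report.
            ET.SubElement(suite, "testcase", classname=res.get("Type", ""),
                          name="no vulnerabilities found")
        for v in vulns:
            case = ET.SubElement(
                suite, "testcase",
                classname=f'{v.get("PkgName")}-{v.get("InstalledVersion")}',
                name=f'[{v.get("Severity")}] {v.get("VulnerabilityID")}')
            if v.get("Severity") in fail_on:
                msg = f'fixed in {v.get("FixedVersion") or "no fix available"}'
                ET.SubElement(case, "failure", message=msg).text = v.get("Title", "")
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    # Usage: python this_script.py trivy_results.json > trivy_junit.xml
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(trivy_to_junit(src))
```

In the buildspec, the build phase would write this output to an XML file and the `reports` section would list that file instead of `trivy_results.json`.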