I am deploying my application with a Jenkins pipeline currently running on Docker. I don't have an issue getting the Trivy JSON report, but I wish to convert it to HTML. My issue now is that the created HTML doesn't have the Trivy report in it. It's usually empty.
I downloaded the template from here, saved it locally and linked it with my Jenkins stage for the Trivy scan.
This is my Trivy Jenkins pipeline:

    pipeline {
        agent any
        tools {
            nodejs "nodejs-23-9-0"
        }
        environment {
            nvdApiKey = credentials('NVD_Key')
            scannerHome = tool 'SonarQube'
            GIT_COMMIT_SHORT = sh(script: "git rev-parse --short HEAD", returnStdout: true).trim()
            APP = "frontend"
            BRANCH = env.BRANCH_NAME.replaceAll("/", "-")
        }
        stages {
            stage('Create Tag for Docker Image') {
                steps {
                    script {
                        if (env.BRANCH_NAME == "main" || env.BRANCH_NAME == "master") {
                            TAG.add("$APP:latest")
                        }
                        TAG = "${APP}:${BRANCH}-${GIT_COMMIT_SHORT}-build-${BUILD_NUMBER}"
                    }
                }
            }
            stage('Build Docker Image') {
                steps {
                    script {
                        sh "docker build -t $TAG ."
                    }
                }
            }
            stage("Trivy Image Scan") {
                steps {
                    timeout(3) {
                        sh """
                            rm -f frontend-trivy-noncritical-report.json
                            docker run --rm \
                                -v /var/run/docker.sock:/var/run/docker.sock \
                                -v \$WORKSPACE/sonarqube-templates/html.tpl:sonarqube-templates/html.tpl \
                                aquasec/trivy image --exit-code 0 --severity LOW,MEDIUM,HIGH --format template --template "@/sonarqube-templates/html.tpl" ${TAG} | tee frontend-trivy-noncritical-report2.html
                        """
                    }
                }
            }
        }
    }

How do I save the output of the Trivy scan in frontend-trivy-noncritical-report2.html in my workspace?
I tried the above code but got no result. I am expecting the Trivy JSON scan result to be converted to HTML.
asked Mar 21 at 14:51 by Achebe Peter

1 Answer
Try redirecting output to a file and double-checking your template's mount. For example, modify your command to:

    docker run --rm \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -v "$WORKSPACE/sonarqube-templates/html.tpl":/sonarqube-templates/html.tpl \
        aquasec/trivy image --exit-code 0 --severity LOW,MEDIUM,HIGH \
        --format template --template "@/sonarqube-templates/html.tpl" ${TAG} \
        > frontend-trivy-noncritical-report2.html
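
As an added example (not part of the answer above and not Trivy's or Jenkins' own tooling), these shell functions check the two things the answer points at: that the `-v` mount spec names an existing template file and an absolute container path, and that the redirected report is not empty. The function names and return codes are assumptions made for illustration, as is the expectation that the template emits an `<html>` tag.

```shell
#!/bin/sh
# Added example: guards for the Trivy HTML report step.
# Function names and return codes are hypothetical, chosen for this sketch.

# check_mount_spec HOST:CONTAINER[:OPTS]
# Returns 0 only when the host side is an existing regular file and the
# container side is an absolute path (Docker rejects relative mount paths).
# Note: with the host's docker.sock mounted, the daemon resolves the host
# side on the Docker host, so run this where that path is actually visible.
check_mount_spec() {
    spec=$1
    case $spec in
        *:*) ;;
        *) echo "mount spec '$spec' has no ':' separator" >&2; return 2 ;;
    esac
    host=${spec%%:*}      # text before the first ':'
    ctr=${spec#*:}        # text after the first ':'
    ctr=${ctr%%:*}        # drop a trailing option such as ':ro'
    case $ctr in
        /*) ;;
        *) echo "container path '$ctr' is not absolute" >&2; return 3 ;;
    esac
    if [ ! -f "$host" ]; then
        echo "template '$host' is not a regular file" >&2
        return 4
    fi
    return 0
}

# check_report FILE
# Returns 0 only when the report exists, is non-empty, and looks like HTML.
# Assumption: the template in use emits an <html> tag.
check_report() {
    report=$1
    if [ ! -s "$report" ]; then
        echo "report '$report' is missing or empty" >&2
        return 5
    fi
    if ! grep -qi '<html' "$report"; then
        echo "report '$report' contains no <html> tag" >&2
        return 6
    fi
    return 0
}
```

Call `check_mount_spec` before `docker run` and `check_report` after it, so an empty report fails the stage instead of being archived silently.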