6868}
6969
7070dockerImageScan () {
71- # TODO check feasibility of mount/mountWithLayers
7271 IMAGE=" ${BUILDKITE_PLUGIN_WIZ_IMAGE_ADDRESS:- } "
7372 # make sure local docker has the image
7473 docker pull " $IMAGE "
7574 docker run \
7675 --rm -it \
76+ --cap-add SYS_ADMIN \
7777 --mount type=bind,src=" $WIZ_DIR "
7878 --mount type=bind,src=" $PWD "
79- --mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock,readonly \
79+ --mount type=bind,src=/var/lib/docker,dst=/var/lib/docker \
80+ --mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
8081 wiziocli.azurecr.io/wizcli:latest-amd64 \
8182 docker scan --image " $IMAGE "
83+ --driver mount \
8284 --policy-hits-only \
8385 -f human \
8486 -o /scan/docker-scan-result,human,true
@@ -88,7 +90,9 @@ dockerImageScan() {
8890 # buildkite-agent artifact upload docker-scan-result --log-level info
8991 case $exit_code in
9092 0)
91- buildAnnotation " docker" " $image_name " true " $PWD /docker-scan-result" | buildkite-agent annotate --append --style ' success' ' ctx-wiz-docker-success'
93+ if [[ -n " ${BUILDKITE_PLUGIN_WIZ_ANNOTATE_SUCCESS} " ; then
94+ buildAnnotation " docker" " $image_name " true " $PWD /docker-scan-result" | buildkite-agent annotate --append --style ' success' ' ctx-wiz-docker-success'
95+ fi
9296 exit 0
9397 ;;
9498 * )
@@ -114,7 +118,9 @@ iacScan() {
114118 exit_code=" $? "
115119 case $exit_code in
116120 0)
117- buildAnnotation " iac" " $BUILDKITE_LABEL " true " $PWD /result/output" | buildkite-agent annotate --append --context ' ctx-wiz-iac-success' ' success'
121+ if [[ -n " ${BUILDKITE_PLUGIN_WIZ_ANNOTATE_SUCCESS} " ; then
122+ buildAnnotation " iac" " $BUILDKITE_LABEL " true " $PWD /result/output" | buildkite-agent annotate --append --context ' ctx-wiz-iac-success' ' success'
123+ fi
118124 ;;
119125 * )
120126 buildAnnotation " iac" " $BUILDKITE_LABEL " false " $PWD /result/output" | buildkite-agent annotate --append --context ' ctx-wiz-iac-warning' ' warning'
0 commit comments