# How to use Dagger with Trivy scan on GitLab pipelines (images) using codegen with Python

brisk nest

Hi,
I am new to Dagger and have seen some tutorials, but almost all are in Go.
I want to run a Trivy scan on Docker images from GitLab pipelines.
I want to know how to define, in Dagger, the Dockerfile, Docker Compose, Poetry, pipelines... maybe later Helm chart security scans...
Are there guidelines somewhere on where in my tree I should write the code?

this is my tree:

tree
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
.
├── pyproject.toml
├── requirements.lock
├── sdk
│   ├── codegen
│   │   ├── pyproject.toml
│   │   ├── requirements.lock
│   │   └── src
│   │       └── codegen
│   │           ├── cli.py
│   │           ├── generator.py
│   │           ├── __init__.py
│   │           └── __main__.py
│   ├── LICENSE
│   ├── pyproject.toml
│   ├── README.md
│   └── src
│       └── dagger
│           ├── client
│           │   ├── base.py
│           │   ├── _core.py
│           │   ├── gen.py
│           │   ├── _guards.py
│           │   ├── __init__.py
│           │   ├── _otel.py
│           │   └── _session.py
│           ├── _config.py
│           ├── _connection.py
│           ├── _engine
│           │   ├── conn.py
│           │   ├── download.py
│           │   ├── __init__.py
│           │   ├── progress.py
│           │   ├── session.py
│           │   └── _version.py
│           ├── _exceptions.py
│           ├── __init__.py
│           ├── log.py
│           ├── _managers.py
│           ├── mod
│           │   ├── _arguments.py
│           │   ├── cli.py
│           │   ├── _converter.py
│           │   ├── _exceptions.py
│           │   ├── __init__.py
│           │   ├── _module.py
│           │   ├── _resolver.py
│           │   ├── _types.py
│           │   └── _utils.py
│           └── py.typed
└── src
    ├── dagger.yaml
    ├── Dockerfile
    ├── gitlab-ci.yaml
    └── main
        └── __init__.py

I am using codegen and Trivy, so I am trying to use the Docker extension,
but I need some help to change my dinosaur thinking 😉

misty gull
brisk nest

I am still a dummy and don't see the way.

lilac surge

@undone heath has Trivy experience - cc @bitter oracle as well

undone heath

So, you can put your Dagger module code outside your repo for now and feed your GitLab repo in as an argument to lint, build, scan it.

For example, you could run ruff to lint your Python project right from its GitLab repo.
My fossa project in GitLab is a Python project.
You can run that! 👇

dagger -m github.com/kpenfound/dagger-modules/ruff \
call check --directory https://gitlab.com/jpadams301/fossa
All checks passed!

You could use Dagger to build your project into a container image.
Either using the existing Dockerfile or by translating your Dockerfile into Dagger Python SDK code.

Then you could scan it with a Trivy module.

Then you can publish your image to a registry... and then you can do whatever to deploy it.

One step at a time is best 🙂


Then you can put it all together.

misty gull

Definitely agree with @undone heath