summaryrefslogtreecommitdiffstats
path: root/jjb/ci_gate_security/anteater-security-audit.sh
AgeCommit message (Collapse)AuthorFilesLines
2017-09-21Change Anteater Report Directory PermissionsTrevor Bramwell1-0/+2
Setting this to allow all users to read/write the permissions enable the container to write to the volume mounted reports directory even though it is owned by the Jenkins user. JIRA: RELENG-313 Change-Id: Ib26e9b98cd17607c98a180888593c42376458f7f Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2017-07-16export detailed logs for each projectJulien1-1/+3
1. mapping .reports mapped into docker 2. export ./reports/* JIRA: RELENG-279 Change-Id: I4eef3b75589a9d8f36801931d1fd31b7e247c07a Signed-off-by: Julien <zhang.jun3g@zte.com.cn>
2017-06-27Pass fully qualified anteater path to Docker runTrevor Bramwell1-1/+1
With moving anteater into a virtualenv inside the container, it is no longer installed to a location accessible by the default PATH. Using the absolute path to the anteater binary should allow this to run. Change-Id: I978e96d6de1b6c7bb63ff877b5bc77e1b6ee44df Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2017-06-21Directly Run Anteater Docker ContainerTrevor Bramwell1-10/+6
The current approach is to run /bin/bash in a fully privilaged docker container as the root user and exec the anteater command from this. There are a couple of reasons this approach doesn't make sense: 1) anteater is not a long running service 2) anteater doesn't need any privilaged access to the host 3) anteater is already a compiled binary and can be ran directly Because the anteater container doesn't need access to all the host devices nor is it running docker containers inside of docker, the `--privileged=true` flag can be removed. Note: '--rm' is added as well to ensure volumes do not persist past the container lifecycle and lead to build server running out of disk space. JIRA: RELENG-250 Change-Id: I1ec90b3737abf591b6b3373fe2fc8f52cdcfb11a Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2017-06-14Add exit status, remove awk warningAric Gardner1-0/+1
Change-Id: I090e601b45b58fae4235867536553570f2674f9a Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2017-06-14Move gerrit comment logic to its own fileAric Gardner1-3/+0
this file will become too complicated to escape inside the job definition. Change-Id: I3e167bee5d315a7ff3b52e7274b68c3146dfbd03 Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2017-06-14Fix gerrit commentAric Gardner1-2/+1
Change-Id: Id1340090fbf410f9eda5e115f554fee778d26b90 Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2017-06-14We cant report the results if anteater exits 1Aric Gardner1-1/+3
So I guess we put the voting logic in the report results to gerrit step Change-Id: I5a6d8c7986bc317648bbb7512ba4f8357bbb4f3c Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2017-06-14Report anteater results to gerrit.Aric Gardner1-1/+1
used tee to create audit log Change-Id: I6941e142064cf7c9b4586660be69df2a02807af3 Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2017-06-13anteater: Fix jjb scriptFatih Degirmenci1-1/+1
Change-Id: Ib42cef840ff8118c32676efdf8c21c315c1f4911 Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-06-13releng-anteater: Create script to run checks and adjust jjbFatih Degirmenci1-0/+33
Change-Id: I7f161b5f939eaeba019ce882a9977908ee0c01b8 Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com> Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>