CI/CD Drill Answers

---

Drill 1

trivy image grokdevops:latest --severity CRITICAL,HIGH
# Or via Makefile:
make trivy-scan

---

Drill 2

helm lint devops/helm/grokdevops -f devops/helm/values-dev.yaml
# Or via Makefile:
make helm-lint

---

Drill 3

python3 -m pytest tests/ -v

---

Drill 4

docker build -t grokdevops:test .
# Or via Makefile:
make build

---

Drill 5

cd devops/terraform && terraform fmt -check && terraform validate
# Or via Makefile:
make terraform-validate

---

Drill 6

cat .github/workflows/ci.yml

Look for the jobs: section to see defined jobs and their steps.

---

Drill 7

trivy image grokdevops:latest | grep CVE-2023-44487

Or for a focused scan:

trivy image grokdevops:latest --severity CRITICAL,HIGH --format json | python3 -c "import sys,json; data=json.load(sys.stdin); [print(v['VulnerabilityID']) for r in data.get('Results',[]) for v in r.get('Vulnerabilities',[]) if 'CVE-2023-44487' in v['VulnerabilityID']]"

---

Drill 8

helm template grokdevops devops/helm/grokdevops -f devops/helm/values-dev.yaml | kubectl apply --dry-run=client -f -

--dry-run=client validates against the K8s API schema without actually applying.

---

Drill 9

head -5 Dockerfile

The FROM line shows the base image. Look for multi-stage builds (multiple FROM lines).

---

Drill 10

make lint && make test && make build && make trivy-scan && make helm-lint

Or check if there's a combined target: make ci or make check.