From 46f26e947b05795ab73840b4c34c51bc49e3fd6e Mon Sep 17 00:00:00 2001
From: "Achim H."
Date: Thu, 7 May 2026 11:23:06 +0200
Subject: [PATCH] added trivy image scan and branch master check
---
 Jenkinsfile | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/Jenkinsfile b/Jenkinsfile
index 14442a5..63acf75 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -86,6 +86,10 @@ pipeline {
 }
 stage('Docker Build & Push') {
+ when {
+ branch 'master'
+ }
+
 steps {
 container('kaniko') {
 // Nutze die ID, die du in Jenkins für den Token vergeben hast
@@ -114,6 +118,20 @@ pipeline {
 }
 }
 }
+
+ stage('Security: Trivy Image Scan') {
+ when {
+ branch 'master'
+ }
+
+ steps {
+ container('trivy') {
+ // Scannt das frisch gepushte Image direkt aus deiner Gitea Registry
+ // Das Flag '--insecure' erlaubt Trivy den Zugriff über die unverschlüsselte IP
+ sh 'trivy image --insecure --exit-code 1 --severity HIGH,CRITICAL 130.61.26.230:30080/dev-master/secdevops-csharp-app:latest'
+ }
+ }
+ }
 }
 post {
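Review bot: The `when { branch 'master' }` guard added to 'Docker Build & Push' is only evaluated in a multibranch Pipeline job; in a plain Pipeline job `BRANCH_NAME` is not set, so the stage is skipped without any error and no image is built or pushed. The same guard sits on the Trivy stage in the second hunk, so both stages would be skipped together while the build still reports success. If the job type is not guaranteed, a comment above the guard such as `// requires a multibranch job: 'branch' matches BRANCH_NAME, which a plain Pipeline job does not set` would make that dependency visible. The stage body continues outside the hunk.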
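Review bot: The 'Security: Trivy Image Scan' stage runs after 'Docker Build & Push' and pulls the mutable `:latest` tag, so a HIGH/CRITICAL finding fails the build only after the image is already published under the tag consumers pull, and a concurrent build could move the tag between push and scan. Consider pushing under a build-specific tag (or scanning by digest, `...secdevops-csharp-app@sha256:<digest-from-build>`) and moving `latest` only once this stage has passed; the push command is outside the hunk, so this is inferred from the stage order. Separately, the comment says `--insecure` permits unencrypted access, but in Trivy that flag disables TLS certificate verification (plain-HTTP registries are handled through `TRIVY_NON_SSL`); either way the scanned image arrives over an unauthenticated channel, so serving the registry over TLS with a trusted certificate and dropping the flag is what would make the gate's result trustworthy.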