added trivy image scan and branch master check
18
Jenkinsfile
vendored
18
Jenkinsfile
vendored
@@ -86,6 +86,10 @@ pipeline {
|
|||||||
}
|
}
|
||||||
|
|
||||||
stage('Docker Build & Push') {
|
stage('Docker Build & Push') {
|
||||||
|
when {
|
||||||
|
branch 'master'
|
||||||
|
}
|
||||||
|
|
||||||
steps {
|
steps {
|
||||||
container('kaniko') {
|
container('kaniko') {
|
||||||
// Nutze die ID, die du in Jenkins für den Token vergeben hast
|
// Nutze die ID, die du in Jenkins für den Token vergeben hast
|
||||||
@@ -114,6 +118,20 @@ pipeline {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
stage('Security: Trivy Image Scan') {
|
||||||
|
when {
|
||||||
|
branch 'master'
|
||||||
|
}
|
||||||
|
|
||||||
|
steps {
|
||||||
|
container('trivy') {
|
||||||
|
// Scannt das frisch gepushte Image direkt aus deiner Gitea Registry
|
||||||
|
// Das Flag '--insecure' erlaubt Trivy den Zugriff über die unverschlüsselte IP
|
||||||
|
sh 'trivy image --insecure --exit-code 1 --severity HIGH,CRITICAL 130.61.26.230:30080/dev-master/secdevops-csharp-app:latest'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
post {
|
post {
|
||||||
|
|||||||
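Review bot: The new 'Security: Trivy Image Scan' stage runs after 'Docker Build & Push' and scans the mutable `:latest` tag, so `--exit-code 1` fails the build only once the image is already in the registry, and what gets scanned is whatever `:latest` points to at that moment rather than provably the image this build produced. Scanning by the digest of the built image (kaniko can write it with `--digest-file`) and moving `:latest` only after the scan passes would make this a real gate, e.g. `sh "trivy image --exit-code 1 --severity HIGH,CRITICAL ${IMAGE_REPO}@${IMAGE_DIGEST}"`, where both variables are placeholders for values the pipeline would set. `--insecure` together with the plain-IP registry address means the pull is neither authenticated nor integrity-protected, so the scan result is only as trustworthy as the network path; the comment above the `sh` line should say so, and the flag should be dropped once the registry has TLS with a trusted certificate. The kaniko push arguments are outside the hunk, so the tag actually pushed is inferred from the scan target.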