added trivy image scan and branch master check

2026-05-07 11:23:06 +02:00
parent 6b96f83e51
commit 46f26e947b
1 changed files with 18 additions and 0 deletions
--- a/18
+++ b/18
@@ -86,6 +86,10 @@ pipeline {
 		}        

        stage('Docker Build & Push') {
+            when {
+                branch 'master'
+            }
+                        
            steps {
                container('kaniko') {
                    // Nutze die ID, die du in Jenkins für den Token vergeben hast
@@ -114,6 +118,20 @@ pipeline {
                }
            }
        }
+
+        stage('Security: Trivy Image Scan') {
+            when {
+                branch 'master'
+            }
+
+           steps {
+                container('trivy') {
+                    // Scannt das frisch gepushte Image direkt aus deiner Gitea Registry
+                    // Das Flag '--insecure' erlaubt Trivy den Zugriff über die unverschlüsselte IP
+                    sh 'trivy image --insecure --exit-code 1 --severity HIGH,CRITICAL 130.61.26.230:30080/dev-master/secdevops-csharp-app:latest'
+                }
+            }
+        }
 	}
 	
    post {