added report creation for trivy image scan
14
Jenkinsfile
vendored
14
Jenkinsfile
vendored
@@ -122,11 +122,19 @@ pipeline {
|
|||||||
when {
|
when {
|
||||||
branch 'master'
|
branch 'master'
|
||||||
}
|
}
|
||||||
|
|
||||||
steps {
|
steps {
|
||||||
container('trivy') {
|
container('trivy') {
|
||||||
// Scannt das frisch gepushte Image direkt aus deiner Gitea Registry
|
// 1. Scan ausführen und als HTML-Report speichern (Achte auf den neuen Dateinamen)
|
||||||
// Das Flag '--insecure' erlaubt Trivy den Zugriff über die unverschlüsselte IP
|
sh '''
|
||||||
|
trivy image --insecure \
|
||||||
|
--severity HIGH,CRITICAL \
|
||||||
|
--format template \
|
||||||
|
--template "@/contrib/html.tpl" \
|
||||||
|
-o reports/trivy-image-report.html \
|
||||||
|
130.61.26.230:30080/dev-master/secdevops-csharp-app:latest
|
||||||
|
'''
|
||||||
|
|
||||||
|
// 2. Den Scan ein zweites Mal kurz ohne Report ausführen, damit die Pipeline bei Lücken blockiert
|
||||||
sh 'trivy image --insecure --exit-code 1 --severity HIGH,CRITICAL 130.61.26.230:30080/dev-master/secdevops-csharp-app:latest'
|
sh 'trivy image --insecure --exit-code 1 --severity HIGH,CRITICAL 130.61.26.230:30080/dev-master/secdevops-csharp-app:latest'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
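Review bot: The report and the gate come from two separate `trivy image` runs against the mutable `:latest` tag, so the HTML report is not guaranteed to describe the image that the second run passed or failed, and neither run is tied to the image this build pushed. Adding `--exit-code 1 \` to the first command and dropping the second `sh` would give one scan that both writes `reports/trivy-image-report.html` and fails the stage, and referencing the image by its build tag or digest instead of `latest` would pin what is scanned. The commit also appears to drop the comment that explained `--insecure` while keeping the flag on both commands; a line such as `// --insecure: registry is reached over plain HTTP, the image pull is not protected in transit` should stay next to it. No step that creates `reports/` or archives the report is visible in this hunk, so confirm both exist elsewhere in the stage; an archive step would have to run in `post { always }` to survive a failing scan.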