added trivy scanning
15
Jenkinsfile
vendored
15
Jenkinsfile
vendored
@@ -12,6 +12,11 @@ pipeline {
|
||||
command:
|
||||
- cat
|
||||
tty: true
|
||||
- name: trivy
|
||||
image: aquasec/trivy:latest
|
||||
command:
|
||||
- cat
|
||||
tty: true
|
||||
'''
|
||||
}
|
||||
}
|
||||
@@ -34,6 +39,16 @@ pipeline {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('Security: Trivy Scan') {
|
||||
steps {
|
||||
container('trivy') {
|
||||
// Scannt das Dateisystem auf Schwachstellen (NuGet) und Secrets
|
||||
// --exit-code 1 lässt die Pipeline bei kritischen Fehlern abbrechen
|
||||
sh 'trivy fs --exit-code 1 --severity HIGH,CRITICAL .'
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('Unit Tests') {
|
||||
steps {
|
||||
|
||||
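Review bot: The new `trivy` container in the pod template pulls `aquasec/trivy:latest`, a mutable tag, so the scanner that gates this pipeline can change between builds without a commit and results are not reproducible; pin it to a released version and digest, e.g. `image: aquasec/trivy:<pinned-version>@sha256:<digest>`. In the `Security: Trivy Scan` stage the comment promises a secrets scan, but the command relies on whatever scanners that image version enables by default; adding `--scanners vuln,secret` keeps the behaviour fixed. The comment also says the build aborts on critical findings, while `--severity HIGH,CRITICAL` fails on high ones too, so one of the two should be corrected. If no NuGet lock file (for example `packages.lock.json`) is in the workspace when this stage runs, the filesystem scan will probably find no .NET dependencies and pass, which is worth checking since the earlier stages are not visible here.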