
2 Commits

Author SHA1 Message Date
4106136782 remove --push-retry 5 for tests 2026-05-07 11:41:40 +02:00
46f26e947b added trivy image scan and branch master check 2026-05-07 11:23:06 +02:00

19
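--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -86,6 +86,10 @@ pipeline {
 }
 stage('Docker Build & Push') {
+when {
+branch 'master'
+}
 steps {
 container('kaniko') {
 // Nutze die ID, die du in Jenkins für den Token vergeben hast
@@ -105,7 +109,6 @@ pipeline {
 /kaniko/executor --context `pwd` \
 --dockerfile `pwd`/Dockerfile \
 --insecure \
---push-retry 5 \
 --skip-tls-verify \
 --destination 130.61.26.230:30080/dev-master/secdevops-csharp-app:latest \
 --destination 130.61.26.230:30080/dev-master/secdevops-csharp-app:${BUILD_NUMBER}
@@ -114,6 +117,20 @@ pipeline {
 }
 }
 }
+stage('Security: Trivy Image Scan') {
+when {
+branch 'master'
+}
+steps {
+container('trivy') {
+// Scannt das frisch gepushte Image direkt aus deiner Gitea Registry
+// Das Flag '--insecure' erlaubt Trivy den Zugriff über die unverschlüsselte IP
+sh 'trivy image --insecure --exit-code 1 --severity HIGH,CRITICAL 130.61.26.230:30080/dev-master/secdevops-csharp-app:latest'
+}
+}
+}
 }
 post {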
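Review bot: The new 'Security: Trivy Image Scan' stage runs after 'Docker Build & Push' and scans the mutable `:latest` tag, so a HIGH/CRITICAL finding fails the build only after the image is already published, and another master build can move `latest` between push and scan. Point the scan at the tag this build produced, `sh 'trivy image --insecure --exit-code 1 --severity HIGH,CRITICAL 130.61.26.230:30080/dev-master/secdevops-csharp-app:${BUILD_NUMBER}'`, and consider pushing `latest` only once the scan has passed. The added `--insecure`, together with the existing kaniko `--insecure --skip-tls-verify`, means push and pull both travel without transport integrity, so the scanned bytes are not guaranteed to be the built ones; a TLS-enabled registry would remove the need for these flags. The kaniko command begins outside the visible hunks, so its credential handling is not reviewed here.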