steps:
  build:
    image: plugins/kaniko
    settings:
      repo: ${FORGE_NAME}/${CI_REPO}
      registry: 
        from_secret: container_registry
      tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}
      username: 
        from_secret: container_registry_username
      password: 
        from_secret: container_registry_password
      dockerfile: Dockerfile
    when:
      - event: [push, tag]

  scan_image:
    image: aquasec/trivy
    commands:
      - trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
    when:
      - event: [push, tag]