add scan stage in ci script

2025-01-07 14:27:00 +01:00 · 2025-01-07 14:27:00 +01:00 · 0225fc26a6
commit 0225fc26a6
parent e949df8a83
2 changed files with 7 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@
 .*~
 ENV
 ENV.test
+tmp/
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -13,6 +13,12 @@ steps:
      dockerfile: Dockerfile
    when:
      - event: [push, tag]
+  scan_image:
+    image: aquasec/trivy
+    commands:
+      - trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
+    when:
+      - event: [push, tag]
  build:
    image: plugins/kaniko
    settings: