From 0225fc26a6644b379dff8c4b444b95c8527feeca Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Tue, 7 Jan 2025 14:27:00 +0100
Subject: [PATCH] add scan stage in ci script
---
 .gitignore | 1 +
 .woodpecker.yml | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/.gitignore b/.gitignore
index a4eb1a1..d2ed908 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 .*~
 ENV
 ENV.test
+tmp/
diff --git a/.woodpecker.yml b/.woodpecker.yml
index 660cdca..fbd24ce 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -13,6 +13,12 @@ steps:
 dockerfile: Dockerfile
 when:
 - event: [push, tag]
+ scan_image:
+ image: aquasec/trivy
+ commands:
+ - trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
+ when:
+ - event: [push, tag]
 build:
 image: plugins/kaniko
 settings:
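Review bot: The new `scan_image` step in `.woodpecker.yml` pulls `aquasec/trivy` with no tag or digest, so the scanner that gates the pipeline is whatever the registry serves at run time; pin it, e.g. `image: aquasec/trivy:<pinned-version>` (placeholder), ideally with an `@sha256:<digest>` suffix. The `trivy image … --quiet --exit-code 1` command sets no `--severity`, so a finding of any severity fails the build, including ones with no fix available; `--severity HIGH,CRITICAL --ignore-unfixed` would keep the gate actionable. The step scans `$FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA` from the registry, so presumably the preceding step (its name is outside the hunk) has already pushed that tag. If so, a failed scan stops later steps but leaves the image in the registry, and it is worth confirming that nothing deploys that tag without passing this step.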