scan only for tags

2025-03-17 20:25:33 +01:00
parent 16e35505d6
commit f1b14d5974
3 changed files with 27 additions and 12 deletions
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -16,8 +16,19 @@ steps:

  scan_image:
    image: aquasec/trivy
+    environment:
+      TRIVY_TOKEN:
+        from_secret: trivy_token
+      TRIVY_URL:
+        from_secret: trivy_url
    commands:
-      - trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
+      - |
+        trivy image \
+              --server $TRIVY_URL \
+              --token $TRIVY_TOKEN \
+              --quiet \
+              --exit-code 1 \
+              $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA 
    when:
      - event: [push, tag]

@@ -54,7 +65,7 @@ steps:
             -F "bom=@/tmp/sbom.xml"\
             "$DTRACK_API_URL/api/v1/bom"
    when:
-      - event: [push, tag]
+      - event: [tag]

  build:
    image: plugins/kaniko