add trivy in pipeline

2024-02-07 22:35:15 +01:00
parent 3e4c621645
commit 1a8e76dc32
1 changed files with 8 additions and 1 deletions
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -2,7 +2,7 @@ steps:
  build:
    image: plugins/kaniko
    settings:
-      repo: gitea.hottis.de/wn/udi
+      repo: ${FORGE_NAME}/${CI_REPO}
      registry: 
        from_secret: container_registry
      tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}
@ -14,6 +14,13 @@ steps:
    when:
      - event: [push, tag]

+  scan_image:
+    image: aquasec/trivy
+    commands:
+      - trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
+    when:
+      - event: [push, tag]
+        
  deploy:
    image: portainer/kubectl-shell:latest
    secrets: