40 lines
993 B
Plaintext
40 lines
993 B
Plaintext
|
pipeline {
|
||
|
agent { node { label 'podman && trivy && aws' } }
|
||
|
stages {
|
||
|
stage('Build'){
|
||
|
steps {
|
||
|
sh 'make build'
|
||
|
}
|
||
|
}
|
||
|
stage('Scan'){
|
||
|
environment {
|
||
|
TRIVY_TEMPLATE = "@${env.WORKSPACE}/html.tpl"
|
||
|
TRIVY_FORMAT = "template"
|
||
|
TRIVY_OUTPUT = "reports/trivy.html"
|
||
|
}
|
||
|
steps {
|
||
|
// Scan via trivy
|
||
|
sh 'mkdir -p reports'
|
||
|
sh 'make scan'
|
||
|
publishHTML target : [
|
||
|
allowMissing: true,
|
||
|
alwaysLinkToLastBuild: true,
|
||
|
keepAll: true,
|
||
|
reportDir: 'reports',
|
||
|
reportFiles: 'trivy.html',
|
||
|
reportName: 'Trivy Scan',
|
||
|
reportTitles: 'Trivy Scan'
|
||
|
]
|
||
|
|
||
|
// Scan again and fail on CRITICAL vulns
|
||
|
sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
|
||
|
}
|
||
|
}
|
||
|
stage('Push'){
|
||
|
steps {
|
||
|
sh 'make push'
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|