pipeline { // agent { node { label 'podman && trivy && aws' } } agent { node { label 'podman' } } stages { stage('Build'){ steps { sh 'make build' } } stage('Scan'){ environment { TRIVY_TEMPLATE = "@${env.WORKSPACE}/html.tpl" TRIVY_FORMAT = "template" TRIVY_OUTPUT = "reports/trivy.html" } steps { // Scan via trivy sh 'mkdir -p reports' sh 'env' sh 'make scan' publishHTML target : [ allowMissing: true, alwaysLinkToLastBuild: true, keepAll: true, reportDir: 'reports', reportFiles: 'trivy.html', reportName: 'Trivy Scan', reportTitles: 'Trivy Scan' ] // Scan again and fail on CRITICAL vulns sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan' } } stage('Push'){ steps { sh 'echo make push' } } } }