jenkins-podman/Jenkinsfile
2022-01-14 01:35:17 +01:00

43 lines
975 B
Groovy

pipeline {
agent { node { label 'podman-aws-trivy' } }
stages {
// Build using rootless podman
stage('Build'){
steps {
sh 'make build'
}
}
// Scan via trivy
stage('Scan'){
environment {
TRIVY_FORMAT = "template"
TRIVY_OUTPUT = "reports/trivy.html"
}
steps {
sh 'mkdir -p reports'
sh 'make scan'
publishHTML target : [
allowMissing: true,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: 'reports',
reportFiles: 'trivy.html',
reportName: 'TrivyScan',
reportTitles: 'TrivyScan'
]
// Scan again and fail on CRITICAL vulns
sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
}
}
// Push to ECR
stage('Push'){
steps {
sh 'make push'
}
}
}
}