From 903c17e7f8a0e5d5c70cf9a5c6a37cdee465fb97 Mon Sep 17 00:00:00 2001
From: khwezi <khwezi@litecharms.co.za>
Date: Sat, 4 Apr 2026 15:30:56 +0200
Subject: [PATCH] Refactored the pipeline so that docker push happens before
 the trivy scan

---
 .drone.yml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 7d697e7..469428c 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -31,17 +31,6 @@ steps:
       dry_run: true 
       # Set to false once you verify the scan passes, or see the step below
 
-  - name: vulnerability-scan
-    image: aquasec/trivy:0.50.1
-    environment:
-      # Trivy needs these to pull the image from your Nexus to scan it
-      TRIVY_USERNAME:
-        from_secret: docker_username
-      TRIVY_PASSWORD:
-        from_secret: docker_password
-    commands:
-      - trivy image --exit-code 1 --severity CRITICAL nexus.khongisa.co.za/webapitest:${DRONE_BUILD_NUMBER}
-
   - name: docker-push
     image: plugins/docker
     settings:
@@ -53,6 +42,17 @@ steps:
       password:
         from_secret: docker_password
 
+  - name: vulnerability-scan
+    image: aquasec/trivy:0.50.1
+    environment:
+      # Trivy needs these to pull the image from your Nexus to scan it
+      TRIVY_USERNAME:
+        from_secret: docker_username
+      TRIVY_PASSWORD:
+        from_secret: docker_password
+    commands:
+      - trivy image --exit-code 1 --severity CRITICAL nexus.khongisa.co.za/webapitest:${DRONE_BUILD_NUMBER}
+
   # --- DEPLOY STAGE ---
   - name: deploy-uat
     image: appleboy/drone-ssh