Added container vulnerability scan

2026-03-08 14:24:11 +02:00
parent 358d27464a
commit eb681300c2
1 changed files with 12 additions and 2 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -56,12 +56,13 @@ steps:
    commands:
      - git clone https://gitea.khongisa.co.za/MngomaLab/webapitest.git .
      - git checkout ${DRONE_COMMIT}
-
+  
  - name: dotnet publish
    image: mcr.microsoft.com/dotnet/sdk:8.0
    commands:
      - dotnet publish --configuration Release
-  
+
+
  - name: build and push
    image: gcr.io/kaniko-project/executor:debug
    environment:
@@ -76,6 +77,15 @@ steps:
          --destination=index.docker.io/khwezi/webapitest:latest 
          --destination=index.docker.io/khwezi/webapitest:${DRONE_BUILD_NUMBER}

+  - name: volnerability-scan
+    image: aquasec/trivy
+    commands:
+      - trivy image --exit-code 1 --severity CRITICAL khwezi/webapitest:${DRONE_BUILD_NUMBER}
+  
+  - name: container-scan
+    image: aquasec/trivy
+    commands:
+      - trivy image --exit-code 1 --severity CRITICAL khwezi/webapitest:${DRONE_BUILD_NUMBER}
 ---
 kind: pipeline
 type: docker