From eb681300c2320ba43ce9f641c273018716a449ae Mon Sep 17 00:00:00 2001
From: khwezi <khwezi@litecharms.co.za>
Date: Sun, 8 Mar 2026 14:24:11 +0200
Subject: [PATCH] Added container vulnerability scan

---
 .drone.yml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 1e57db9..a4f8176 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -56,12 +56,13 @@ steps:
     commands:
       - git clone https://gitea.khongisa.co.za/MngomaLab/webapitest.git .
       - git checkout ${DRONE_COMMIT}
-
+  
   - name: dotnet publish
     image: mcr.microsoft.com/dotnet/sdk:8.0
     commands:
       - dotnet publish --configuration Release
-  
+
+
   - name: build and push
     image: gcr.io/kaniko-project/executor:debug
     environment:
@@ -76,6 +77,15 @@ steps:
           --destination=index.docker.io/khwezi/webapitest:latest 
           --destination=index.docker.io/khwezi/webapitest:${DRONE_BUILD_NUMBER}
 
+  - name: volnerability-scan
+    image: aquasec/trivy
+    commands:
+      - trivy image --exit-code 1 --severity CRITICAL khwezi/webapitest:${DRONE_BUILD_NUMBER}
+  
+  - name: container-scan
+    image: aquasec/trivy
+    commands:
+      - trivy image --exit-code 1 --severity CRITICAL khwezi/webapitest:${DRONE_BUILD_NUMBER}
 ---
 kind: pipeline
 type: docker
-- 
2.47.3