From 903c17e7f8a0e5d5c70cf9a5c6a37cdee465fb97 Mon Sep 17 00:00:00 2001 From: khwezi Date: Sat, 4 Apr 2026 15:30:56 +0200 Subject: [PATCH 1/3] Refactored the pipeline so that docker push happens before the trivy scan --- .drone.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.drone.yml b/.drone.yml index 7d697e7..469428c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -31,17 +31,6 @@ steps: dry_run: true # Set to false once you verify the scan passes, or see the step below - - name: vulnerability-scan - image: aquasec/trivy:0.50.1 - environment: - # Trivy needs these to pull the image from your Nexus to scan it - TRIVY_USERNAME: - from_secret: docker_username - TRIVY_PASSWORD: - from_secret: docker_password - commands: - - trivy image --exit-code 1 --severity CRITICAL nexus.khongisa.co.za/webapitest:${DRONE_BUILD_NUMBER} - - name: docker-push image: plugins/docker settings: @@ -53,6 +42,17 @@ steps: password: from_secret: docker_password + - name: vulnerability-scan + image: aquasec/trivy:0.50.1 + environment: + # Trivy needs these to pull the image from your Nexus to scan it + TRIVY_USERNAME: + from_secret: docker_username + TRIVY_PASSWORD: + from_secret: docker_password + commands: + - trivy image --exit-code 1 --severity CRITICAL nexus.khongisa.co.za/webapitest:${DRONE_BUILD_NUMBER} + # --- DEPLOY STAGE --- - name: deploy-uat image: appleboy/drone-ssh -- 2.47.3 From 30e0bc2b8784e3ab9a9731bbb9950edadfc8ebf4 Mon Sep 17 00:00:00 2001 From: khwezi Date: Sat, 4 Apr 2026 15:32:20 +0200 Subject: [PATCH 2/3] Pulling .net docker image from nexus --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 469428c..8e55f2d 100644 --- a/.drone.yml +++ b/.drone.yml 
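Review bot: With `docker-push` now ahead of `vulnerability-scan`, an image that fails the CRITICAL gate is already stored in Nexus as `webapitest:${DRONE_BUILD_NUMBER}` by the time the scan step exits non-zero. The failure presumably still stops `deploy-uat`, but nothing in the visible steps removes or marks the rejected image, so anything that pulls that tag later gets content that failed the gate. Consider pushing to a candidate tag or quarantine repository first and promoting to the release tag only after the scan passes. The scan step also reuses `docker_username`/`docker_password`, the same secrets `docker-push` uses. A read-only registry account for Trivy would keep push rights out of the scanner container, e.g. `from_secret: trivy_ro_username` (placeholder secret name).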
@@ -8,7 +8,7 @@ clone: steps: - name: build-test-publish - image: mcr.microsoft.com/dotnet/sdk:10.0 + image: nexus.khongisa.co.za/mcr.microsoft.com/dotnet/sdk:10.0 commands: - dotnet restore --source https://nexus.khongisa.co.za/repository/nuget-group/index.json --no-cache - dotnet build --configuration Release --no-restore -- 2.47.3 From b46848dd56a979e8dd8df89894fd4b30c00b1c8a Mon Sep 17 00:00:00 2001 From: khwezi Date: Sat, 4 Apr 2026 15:33:03 +0200 Subject: [PATCH 3/3] Refactored the pipeline to pull the trivy image from nexus as well --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 8e55f2d..619cd0a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -43,7 +43,7 @@ steps: from_secret: docker_password - name: vulnerability-scan - image: aquasec/trivy:0.50.1 + image: nexus.khongisa.co.za/aquasec/trivy:0.50.1 environment: # Trivy needs these to pull the image from your Nexus to scan it TRIVY_USERNAME: -- 2.47.3
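Review bot: The new `image:` value still resolves the floating tag `10.0`, so the SDK that builds the release is whatever Nexus serves for that tag at pull time. Pinning the digest makes the build input verifiable, e.g. `image: nexus.khongisa.co.za/mcr.microsoft.com/dotnet/sdk:10.0@sha256:<digest>` (placeholder digest). The same applies to `nexus.khongisa.co.za/aquasec/trivy:0.50.1` in patch 3/3. The scan step's comment says Trivy needs credentials to pull from Nexus, so step images from that host probably need a pipeline-level `image_pull_secrets` entry, which is not visible in these hunks. The step body continues outside the hunk.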
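Review bot: Moving the scanner image to Nexus does not change where Trivy fetches its vulnerability database. The `trivy image` command in this step passes no `--db-repository`, so the DB is presumably still downloaded from Trivy's default upstream registry at run time. If the aim is to route every pull through Nexus, proxy the DB repository there and add the flag, e.g. `--db-repository nexus.khongisa.co.za/<trivy-db-path>` (placeholder path). The `commands:` block sits outside this hunk.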