From a2d2628da8f1844ce99221eb42e7348a63b8f1e5 Mon Sep 17 00:00:00 2001
From: Artsiom Siamashka
Date: Tue, 14 Oct 2025 19:40:15 +0200
Subject: [PATCH] Added function to run security scans of newly built images
---
vars/secops.groovy | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 vars/secops.groovy
diff --git a/vars/secops.groovy b/vars/secops.groovy
new file mode 100644
index 0000000..6bc7c4c
--- /dev/null
+++ b/vars/secops.groovy
@@ -0,0 +1,14 @@
+def secScan(image) {
+ sh """
+ mkdir -p /var/jenkins_home/secscan_reports/${env.JOB_NAME}/
+ docker run \
+ -v ./trivy_cache:/root/.cache \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ aquasec/trivy \
+ -f template \
+ --template "@contrib/html.tpl" \
+ -o /dev/stdout \
+ image --exit-code 1 --severity HIGH,CRITICAL \
+ ${image} > /var/jenkins_home/secscan_reports/${env.JOB_NAME}/secscan_report_$$(date +"%Y%m%d_%H%M%S")_${image}.html
+ """
+}
\ No newline at end of file
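Review bot: `${image}` and `${env.JOB_NAME}` are interpolated by Groovy into the `sh` script unquoted, so a job or image name containing spaces or shell metacharacters is parsed as shell syntax. The `/` and `:` of an ordinary image reference also end up in the report filename, which points the redirect at a directory that `mkdir -p` never created. `$$(date …)` looks wrong for a Groovy double-quoted string as well: it is likely rejected by the Groovy parser, and if it does get through, the shell reads `$$` as its PID followed by a subshell. Passing the values through `withEnv` into a single-quoted `'''` script, with a sanitised name for the file, avoids all three. Separately, `aquasec/trivy` is pulled by mutable tag while being given `/var/run/docker.sock`, which is control of the host's Docker daemon, so pinning it to a reviewed version or digest is worth doing.

```groovy
def secScan(image) {
    // Image references contain '/' and ':'; keep them out of the report filename.
    def reportTag = image.replaceAll(/[^A-Za-z0-9_.-]/, '_')
    withEnv(["SCAN_IMAGE=${image}", "REPORT_TAG=${reportTag}"]) {
        // Single-quoted script: Groovy interpolates nothing, the shell expands quoted variables.
        sh '''
            report_dir="/var/jenkins_home/secscan_reports/${JOB_NAME}"
            mkdir -p "$report_dir"
            # … unchanged: docker run with the cache and socket mounts and the trivy template options …
                image --exit-code 1 --severity HIGH,CRITICAL \
                "$SCAN_IMAGE" > "$report_dir/secscan_report_$(date +%Y%m%d_%H%M%S)_${REPORT_TAG}.html"
        '''
    }
}
```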