Added function to run security scans of newly built images

2025-10-14 19:40:15 +02:00
parent c28b79c436
commit a2d2628da8
1 changed files with 14 additions and 0 deletions
--- a/vars/secops.groovy
+++ b/vars/secops.groovy
@@ -0,0 +1,14 @@
+def secScan(image) {
+    sh """
+        mkdir -p /var/jenkins_home/secscan_reports/${env.JOB_NAME}/
+        docker run \
+        -v ./trivy_cache:/root/.cache \
+        -v /var/run/docker.sock:/var/run/docker.sock \
+        aquasec/trivy \
+        -f template \
+        --template "@contrib/html.tpl" \
+        -o /dev/stdout \
+        image --exit-code 1 --severity HIGH,CRITICAL \
+        ${image} > /var/jenkins_home/secscan_reports/${env.JOB_NAME}/secscan_report_$$(date +"%Y%m%d_%H%M%S")_${image}.html
+    """
+}