add-trivy (#28)

general/dev#56 Reviewed-on: #28 Co-authored-by: fedy95 <fedy95@protonmail.com> Co-committed-by: fedy95 <fedy95@protonmail.com>
4 years ago · 6aa585f91d
2 changed files with 40 additions and 0 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -17,6 +17,45 @@ steps:
    when:
      event: pull_request

+  - name: build image
+    image: docker:dind
+    volumes:
+      - name: dockersock
+        path: /var/run/docker.sock
+    environment:
+      REGISTRY: registry.fedy95.com
+    commands:
+      - docker build -t "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA image -f image/Dockerfile
+    when:
+      event: pull_request
+
+  - name: trivy security check
+    image: aquasec/trivy
+    volumes:
+      - name: dockersock
+        path: /var/run/docker.sock
+    environment:
+      REGISTRY: registry.fedy95.com
+    commands:
+      - "trivy \
+         --exit-code 1 \
+         --format json \
+         --no-progress \
+         $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA"
+    when:
+      event: pull_request
+
+  - name: cleanup
+    image: docker:dind
+    volumes:
+      - name: dockersock
+        path: /var/run/docker.sock
+    commands:
+      - docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA
+    when:
+      event: pull_request
+
+
  - name: release
    image: docker:dind
    volumes:
--- a/README.md
+++ b/README.md
@ -6,3 +6,4 @@ Baseimage for CI tasks

 - [yamllint git](https://github.com/adrienverge/yamllint)
 - [alpine](https://pkgs.alpinelinux.org/packages?name=yamllint)
+- [trivy](https://github.com/aquasecurity/trivy)