From abe1e538cf0d0bf17899cff8b464627b48f074eb Mon Sep 17 00:00:00 2001
From: sebthom
Date: Mon, 22 Apr 2024 18:27:01 +0200
Subject: [PATCH] feat: add trivy image scan
---
 .trivyignore | 2 ++
 build-image.sh | 8 ++++++++
 2 files changed, 10 insertions(+)
 create mode 100644 .trivyignore
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 0000000..c73090c
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,2 @@
+# secrets - false positive
+github-app-token
diff --git a/build-image.sh b/build-image.sh
index baf06cc..9721463 100644
--- a/build-image.sh
+++ b/build-image.sh
@@ -77,6 +77,14 @@ DOCKER_BUILDKIT=1 docker build "$project_root" \
 "$@"
+#################################################
+# perform security audit
+#################################################
+if [[ "${DOCKER_AUDIT_IMAGE:-1}" == 1 ]]; then
+ bash "$shared_lib/cmd/audit-image.sh" $image_name
+fi
+
+
 #################################################
 # push image with tags to remote docker image registry
 #################################################
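Review bot: The `github-app-token` entry in the new .trivyignore disables Trivy's GitHub App token secret rule for every file in every image this project scans, and the comment above it records neither which finding was the false positive nor where it lived, so a real token of that type leaking into a later layer would be suppressed with no trace of why. I would at least document the match, e.g. `# secrets - false positive: <path in image> trips github-app-token (explain why it is not a credential)`, and if the project can move to Trivy's YAML ignore file, scope the suppression to that path instead of the rule ID globally. If the `exp:` expiry syntax applies to secret rules as it does to vulnerability IDs, a dated entry would also force a periodic re-check.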
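Review bot: The `bash "$shared_lib/cmd/audit-image.sh" $image_name` line has no error handling, so unless build-image.sh runs under `set -e` (not visible in this hunk) a failing scan is printed and execution continues into the push section that follows, which defeats the point of auditing before pushing; `$image_name` is also unquoted (SC2086). I would make the gate explicit regardless of shell options: `bash "$shared_lib/cmd/audit-image.sh" "$image_name" || { echo "security audit of $image_name failed, refusing to push" >&2; exit 1; }`, and add an `else` branch that prints a one-line warning to stderr when `DOCKER_AUDIT_IMAGE` is not 1 so a skipped scan is visible in CI logs rather than silent. The docker build invocation whose `"$@"` line opens the hunk starts outside it.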