I have created a pipeline:
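// Declarative pipeline: check out the repository, build and push the image with
// Kaniko, then scan the pushed image with Trivy. Every stage runs in the single
// Kubernetes agent pod described by the inline manifest below.
pipeline {
    agent {
        kubernetes {
            // The manifest is whitespace-sensitive YAML, so it stays at column 0
            // inside the string and its nesting is written out explicitly.
            yaml '''
apiVersion: v1
kind: Pod
spec:
  containers:
    # Both images use mutable tags (latest, debug), so the tooling can change
    # between runs; pin a release tag or digest for reproducible builds.
    - name: trivy
      image: aquasec/trivy:latest
      # cat with a tty keeps the container alive so Jenkins can exec steps in it.
      command:
        - cat
      tty: true
      # No Docker socket is mounted: the scan targets an image in a registry,
      # and a hostPath mount of /var/run/docker.sock would give every step in
      # this pod control of the Docker daemon on the node.
      # NOTE(review): unlike the kaniko container, no registry credentials are
      # mounted here, so pulls from a private registry are anonymous. Mounting
      # the kaniko-secret volume read-only and pointing DOCKER_CONFIG at its
      # mount directory is the usual way to authenticate the scanner.
    - name: kaniko
      image: gcr.io/kaniko-project/executor:debug
      imagePullPolicy: Always
      command:
        - sleep
      args:
        # Quoted: container args are strings, not integers.
        - "9999999"
      volumeMounts:
        # Registry credentials, exposed to Kaniko as /kaniko/.docker/config.json.
        - name: kaniko-secret
          mountPath: /kaniko/.docker
  restartPolicy: Never
  volumes:
    - name: kaniko-secret
      secret:
        secretName: acr-secret
        items:
          - key: .dockerconfigjson
            path: config.json
'''
        }
    }
    stages {
        stage('Checkout') {
            steps {
                // Check out the main branch. The Git credential is referenced by
                // its Jenkins credentials id, so no secret appears in this file.
                git branch: 'main',
                    credentialsId: 'jenkinscred1',
                    url: 'https://github.com/premajanakkumar/dockerbuild-bushto-acr.git'
            }
        }
        stage('Build with Kaniko') {
            steps {
                container('kaniko') {
                    // Build from the workspace Dockerfile and push to the registry.
                    // The workspace path is quoted so a path containing spaces
                    // does not split into several arguments. The registry host in
                    // --destination is masked (****) in the original listing.
                    sh '''
                        /kaniko/executor --dockerfile "$(pwd)/Dockerfile" \
                            --context "$(pwd)" \
                            --destination ****.azurecr.io/exampledevsecopspetstore:300
                    '''
                }
            }
        }
        stage('image scan with trivy') {
            steps {
                container('trivy') {
                    // Scan the pushed image and write a JSON report to the workspace.
                    // - The image is already in the registry when this runs, so a
                    //   failed scan does not keep it from being published.
                    // - trivy exits 0 by default even when it reports findings; add
                    //   --exit-code 1 (optionally with --severity) if this stage
                    //   should fail the build.
                    // - trivy_report.json is not archived by this pipeline.
                    // NOTE(review): the registry host below is written out while the
                    // build stage masks its host; confirm both name the same registry.
                    sh '''
                        trivy image --format json \
                            -o trivy_report.json \
                            exampledevsecopspetstore.azurecr.io/exampledevsecopspetstore:300
                    '''
                }
            }
        }
    }
}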
This pipeline automates the process of checking out source code from a Git repository, building a Docker image using Kaniko in a Kubernetes environment, and scanning the resulting image for vulnerabilities using Trivy.
I am getting an "unauthorized" error from the Azure container service. How do I authorize the trivy container to access ACR?