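# CI pipeline: build a container image, scan it with Trivy, and push it to the
# registry only after the scan stage.
#
# NOTE(review): this file arrived collapsed onto a single line, so the nesting
# below is reconstructed. `main:` had no recoverable value of its own and is
# kept as an empty top-level key next to "**" - confirm against the original.
main:

# Matches all branch names.
"**":
  web_trigger_four:
    - docker:
        # The scanner image is referenced by a tag (0.55.2), not by a digest,
        # so the content behind it can change without this file changing.
        image: docker.cnb.cool/srebro/docker-images/trivy:0.55.2
        volumes:
          # Trivy cache directory, so the vulnerability databases can be reused.
          # NOTE(review): "copy-on-write" presumably means changes made during
          # the run are not written back to the shared cache - confirm.
          - /root/.cache/trivy:copy-on-write
      services:
        - docker
      stages:
        - name: 构建镜像
          script: docker build -t ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:24.5.1 .
        # Fetch both databases before scanning, so a failed download surfaces
        # as its own stage rather than inside the scan.
        - name: trivy-db漏洞库下载
          script: trivy image --download-db-only
        - name: trivy-java-db漏洞库下载
          script: trivy image --download-java-db-only
        # Gate: --exit-code 1 makes trivy exit non-zero when a CRITICAL or HIGH
        # finding is reported. The login and push stages come after this one.
        # NOTE(review): presumably a failed stage stops the pipeline - confirm.
        - name: trivy扫描
          script: trivy image ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:24.5.1 --exit-code 1 --severity CRITICAL,HIGH
        # The token is fed on stdin instead of via `-p`, so it does not appear
        # in the process argument list or in an echoed command line.
        - name: 登录仓库
          script: >-
            printf '%s' "${CNB_TOKEN}" |
            docker login -u "${CNB_TOKEN_USER_NAME}" --password-stdin "${CNB_DOCKER_REGISTRY}"
        # Pushes the same tag that was built and scanned above.
        - name: 镜像推送
          script: docker push ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:24.5.1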