Scope of the blog:
- Build the Docker image
- Scan the image with Trivy and generate the report in Azure DevOps
- Publish the report to the Pipeline Status page
Prerequisites:
- Source code containing the Dockerfile, hosted in an Azure DevOps repository.
STEPS:
- Start from the source code repository that contains the Dockerfile.
- Create a new pipeline for this Docker image build. To do so, go to Azure DevOps Project -> Pipelines -> New Pipeline.
- Choose Azure Repos Git.
- Select the repository we created for the Docker image build.
- Click Starter pipeline.
- Add a Bash script task or a Docker task to build the image.
Note: I’m using a Bash task for a quick setup.
- Create another task to scan the Docker image with Trivy. To do this, search for the task named 'Trivy: Take control of your application security' in the task list on the right side.
- Click that task, paste the image name, and click Add.
- Once the task is added, the pipeline YAML looks like the one shown in the Pipeline Code section below.
- Don't forget to set the exit code to '0'; otherwise, if any vulnerabilities are found, the task returns Trivy's non-zero exit code and the pipeline fails.
- Validate and save the pipeline; saving triggers a pipeline run.
- Once the pipeline run is completed, open it from the run history. At the top, next to 'Summary', you'll see a 'Trivy' tab. Click 'Trivy' to view the scan results.
Scan Result:
Pipeline Code:
trigger:
- main

pool:
  vmImage: ubuntu-latest

steps:
- task: Bash@3
  inputs:
    targetType: 'inline'
    script: |
      # Write your commands here
      echo 'Building Docker Image'
      docker build -t hellow-world:latest .
      echo 'Building Docker Image Completed'
  displayName: Build Docker Image

- task: trivy@1
  inputs:
    version: 'latest'
    image: 'hellow-world:latest'
    exitCode: '0'
  displayName: Scan Docker Image
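With exitCode set to '0' the Trivy task is informational only: every finding is listed on the Trivy tab, but nothing stops a vulnerable image from reaching the next stage. A common middle ground is to keep that report visible and fail the run only when findings at or above a chosen severity exist. The script below is an added example (not from the original post or from the Trivy project) of such a gate. It assumes a preceding Bash task has written Trivy's JSON output with `trivy image --format json --output trivy.json hellow-world:latest`, that the script lives in the repository as `trivy_gate.py` (a hypothetical name), and that a further Bash@3 step runs it with `python3 trivy_gate.py trivy.json HIGH --ignore-unfixed`. The embedded sample report is constructed and its CVE ids are placeholders. The `##vso[task.logissue]` and `##vso[task.complete]` lines are Azure DevOps logging commands, which make each blocking finding appear on the run's Summary page and mark the task failed.

```python
"""Severity gate for a Trivy JSON report, meant to run from an Azure DevOps Bash task.

Added example, not from the original post. It assumes the report was produced by the
Trivy CLI's JSON output (`trivy image --format json --output trivy.json <image>`,
schema version 2: a top-level "Results" list whose entries carry a "Vulnerabilities"
list). The sample report below is constructed; its CVE ids are placeholders.
"""
import json
import sys
from collections import Counter

# Trivy's severity scale, lowest to highest.
SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample in Trivy's JSON layout (placeholder ids, not real findings).
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "hellow-world:latest",
    "Results": [
        {
            "Target": "hellow-world:latest (debian 12.4)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
                 "InstalledVersion": "2.1", "FixedVersion": "", "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "tooling",
                 "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "LOW"},
            ],
        },
        # A clean target: Trivy leaves the list null or omits it entirely.
        {"Target": "app/requirements.txt", "Vulnerabilities": None},
    ],
})


def load_sample():
    """Parse the constructed sample report (handy for tests and a dry run)."""
    return json.loads(SAMPLE_REPORT)


def iter_vulns(report):
    """Yield (target, vulnerability) pairs across all scan targets, tolerating null lists."""
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", ""), vuln


def count_by_severity(report):
    """Count findings per severity for the summary line."""
    return Counter(v.get("Severity", "UNKNOWN") for _, v in iter_vulns(report))


def blocking_findings(report, threshold="HIGH", ignore_unfixed=False):
    """Return findings whose severity is at or above `threshold`.

    With ignore_unfixed=True, findings without a FixedVersion still show in the
    summary but do not block, since the image build cannot remediate them yet.
    """
    min_rank = SEVERITY_ORDER.index(threshold)
    blocking = []
    for target, v in iter_vulns(report):
        if ignore_unfixed and not v.get("FixedVersion"):
            continue
        if SEVERITY_ORDER.index(v.get("Severity", "UNKNOWN")) >= min_rank:
            blocking.append((target, v))
    return blocking


def evaluate(report_text, threshold="HIGH", ignore_unfixed=False):
    """Print Azure DevOps logging commands and return the task exit code (0 or 1)."""
    report = json.loads(report_text)
    counts = count_by_severity(report)
    summary = ", ".join(f"{sev}={counts[sev]}" for sev in reversed(SEVERITY_ORDER) if counts[sev])
    print(f"Trivy findings for {report.get('ArtifactName', '?')}: {summary or 'none'}")
    blocking = blocking_findings(report, threshold, ignore_unfixed)
    for target, v in blocking:
        # task.logissue surfaces each blocking finding on the run's Summary page.
        print(f"##vso[task.logissue type=error]{v['Severity']} {v['VulnerabilityID']} in "
              f"{v['PkgName']} {v['InstalledVersion']} ({target}); fixed in "
              f"{v.get('FixedVersion') or 'no fix yet'}")
    if blocking:
        # task.complete marks the step failed even if later commands succeed.
        print(f"##vso[task.complete result=Failed;]{len(blocking)} finding(s) at or above {threshold}")
        return 1
    return 0


def main(argv):
    """Usage: python3 trivy_gate.py [report.json] [THRESHOLD] [--ignore-unfixed]; no path runs the sample."""
    args = [a for a in argv if not a.startswith("--")]
    ignore_unfixed = "--ignore-unfixed" in argv
    threshold = args[1].upper() if len(args) > 1 else "HIGH"
    if threshold not in SEVERITY_ORDER:
        print(f"##vso[task.logissue type=error]unknown severity threshold {threshold}")
        return 2
    if args:
        with open(args[0], encoding="utf-8") as fh:
            report_text = fh.read()
    else:
        report_text = SAMPLE_REPORT
    return evaluate(report_text, threshold, ignore_unfixed)


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Because the gate runs as its own step, the Trivy task can keep exitCode '0' and the full report stays on the Trivy tab, while the gate's non-zero exit is what fails the pipeline. The `--ignore-unfixed` switch mirrors the trade-off many teams make: an unfixable CRITICAL in a base image is worth reporting, but blocking on it only stalls every build until upstream ships a patch.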