BUILD Phase
After several scans for secrets and vulnerabilities, we can build the app and push it to Docker Hub. For that, I added a build stage to gitlab-ci.yaml:
build_image:
  stage: build # Define the stage of the CI/CD pipeline as 'build'
  image: docker:latest # Use the latest version of the Docker image
  script: # The list of commands that are run during this stage
    - echo "$DOCKERHUB_PASSWORD" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin # Log in to Docker Hub using environment variables for credentials; the password is read from stdin so it does not appear in the process argument list
    - VERSION=$(cat version.txt) # Read the version number from version.txt and store it in a variable named VERSION
    - docker build -t "asafahmad/ghost:$VERSION" . # Build the Docker image and tag it using the version number
    - docker push "asafahmad/ghost:$VERSION" # Push the built image with its tag to Docker Hub
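
The build stage interpolates the contents of version.txt straight into the image tag. The following is an added example, not part of the original pipeline: it checks that value against Docker's tag grammar before it is used. The helper names valid_tag and image_ref and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate the tag from version.txt before docker build/push.
# IMAGE_REPO and the helper names are assumptions for illustration.
LC_ALL=C; export LC_ALL   # make the character ranges below plain ASCII
IMAGE_REPO="asafahmad/ghost"

# Docker tag grammar: first char [A-Za-z0-9_], then [A-Za-z0-9_.-], max 128.
valid_tag() {
    candidate=$1
    [ -n "$candidate" ] || return 1
    [ "${#candidate}" -le 128 ] || return 1
    case $candidate in
        [!A-Za-z0-9_]*) return 1 ;;      # bad first character
        *[!A-Za-z0-9_.-]*) return 1 ;;   # space, newline, quote, ':' and so on
    esac
    return 0
}

# Print "repo:tag" for the given version file, or fail and print nothing
# on stdout. A multi-line file is rejected because of the embedded newline.
image_ref() {
    file=${1:-version.txt}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    tag=$(cat "$file")
    valid_tag "$tag" || { echo "invalid tag in $file" >&2; return 1; }
    printf '%s:%s\n' "$IMAGE_REPO" "$tag"
}

# Constructed sample inputs (not real project data).
demo_dir=$(mktemp -d)
printf 'v5.2.1\n' > "$demo_dir/good.txt"
printf 'v5 --build-arg X=1\n' > "$demo_dir/bad.txt"
for f in good.txt bad.txt; do
    if ref=$(image_ref "$demo_dir/$f" 2>/dev/null); then
        echo "$f -> $ref"
    else
        echo "$f -> rejected"
    fi
done
rm -rf "$demo_dir"
```

In the job script this would be used as `IMAGE=$(image_ref version.txt) || exit 1`, followed by `docker build -t "$IMAGE" .` and `docker push "$IMAGE"`.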

After a successful build, I added a container scan stage to scan the image we created:
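snyk_container_security:
  stage: container_scan
  image:
    name: snyk/snyk-cli:1.1205.0-docker
    entrypoint: [""] # Override the image entrypoint so the script commands run in a shell
  script:
    - npm install -g npm@latest
    - npm install -g snyk # Install the Snyk CLI
    - snyk auth "$SNYK_TOKEN" # Authenticate with the token stored in a CI/CD variable
    - snyk container monitor asafahmad/ghost:v5 --org=785253e7-a8e7-412e-a88b-b1f89e0e2d08 # Upload a snapshot of the image to Snyk for monitoring
  allow_failure: true # A failure in this job does not fail the pipeline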
