BUILD Phase

After several scans for secret and vulnerabilities, we can build and push our app to docker hub. For that, i added build stage to gitlab-ci.yaml

gitlab-ci.yaml

build_image:
  stage: build  # Define the stage of the CI/CD pipeline as 'build'
  image: docker:latest  # Use the latest version of the Docker image

  script:  # The list of commands that are run during this stage
    - docker login -u "$DOCKERHUB_USERNAME" -p "$DOCKERHUB_PASSWORD"  # Log in to Docker Hub using environment variables for credentials
    - VERSION=$(cat version.txt)  # Read the version number from version.txt and store it in a variable named VERSION
    - docker build -t asafahmad/ghost:$VERSION .  # Build the Docker image and tag it using the version number
    - docker push asafahmad/ghost:$VERSION  # Push the built image with its tag to Docker Hub

After success build then I added container scan stage for scanning the image which we created

snyk_container_security:
  stage: container_scan
  image: 
    name: snyk/snyk-cli:1.1205.0-docker
    entrypoint: [""]
  script:
    - npm install -g npm@latest
    - npm install -g synk
    - snyk auth $SNYK_TOKEN
    - snyk container monitor asafahmad/ghost:v5 --org=785253e7-a8e7-412e-a88b-b1f89e0e2d08
  allow_failure: true

PreviousWhat to do if I found vulnerability NextTEST Phase

Last updated 1 year ago