add security scan

Jenkinsfile

@@ -59,6 +59,35 @@ node('docker') {
       sh "rm -f ./debug"
       handleError(message)
     }
+
+  stage 'Scan'
+
+    try {
+          // Install trivy and HTML template
+          sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.31.1'
+          sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'
+
+          // Scan container for all vulnerability levels
+          sh 'mkdir -p reports'
+          sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${maintainer}/${imagename}:latest"
+          publishHTML target : [
+              allowMissing: true,
+              alwaysLinkToLastBuild: true,
+              keepAll: true,
+              reportDir: 'reports',
+              reportFiles: 'container-scan.html',
+              reportName: 'Security Scan',
+              reportTitles: 'Security Scan'
+          ]
+
+          // Scan again and fail on CRITICAL vulns
+          sh "trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${maintainer}/${imagename}:latest"
+    } catch(error) {
+      def error_details = readFile('./debug');
+      def message = "BUILD ERROR: There was a problem scanning ${imagename}:${tag}. \n\n ${error_details}"
+      sh "rm -f ./debug"
+      handleError(message)
+    }
 
   stage 'Stop container'