From d1025134cd70194550e4f196d8b70c99a89f3e45 Mon Sep 17 00:00:00 2001
From: janis
Date: Wed, 20 May 2026 18:03:25 +0000
Subject: [PATCH] .gitea/workflows/delpoy.yml aktualisiert
---
.gitea/workflows/delpoy.yml | 29 ++++++++++++++++++++++++++---
1 file changed, 26 insertions(+), 3 deletions(-)
diff --git a/.gitea/workflows/delpoy.yml b/.gitea/workflows/delpoy.yml
index 9e8b0b4..9a7e078 100644
--- a/.gitea/workflows/delpoy.yml
+++ b/.gitea/workflows/delpoy.yml
@@ -29,6 +29,8 @@ jobs:
env:
GIT_USER: ${{ vars.GIT_USER }}
GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
+ TRIVY_REGISTRY_USER: ${{ vars.TRIVY_REGISTRY_USER }}
+ TRIVY_REGISTRY_PASSWORD: ${{ secrets.TRIVY_REGISTRY_PASSWORD }}
steps:
- name: Scan Docker images for vulnerabilities
@@ -108,6 +110,12 @@ jobs:
exit 0
fi
+ if [ -n "${TRIVY_REGISTRY_USER:-}" ] || [ -n "${TRIVY_REGISTRY_PASSWORD:-}" ]; then
+ : "${TRIVY_REGISTRY_USER:?TRIVY_REGISTRY_USER is required when TRIVY_REGISTRY_PASSWORD is set}"
+ : "${TRIVY_REGISTRY_PASSWORD:?TRIVY_REGISTRY_PASSWORD is required when TRIVY_REGISTRY_USER is set}"
+ echo "Using registry credentials from TRIVY_REGISTRY_USER/TRIVY_REGISTRY_PASSWORD"
+ fi
TRIVY_IGNORE_ARGS=""
if [ -f cve_blacklist.txt ]; then
@@ -137,7 +145,22 @@ jobs:
echo ""
echo "Scanning ${image}"
- if ! trivy \
+ if [ -n "${TRIVY_REGISTRY_USER:-}" ]; then
+ if ! trivy \
+ image \
+ --username "${TRIVY_REGISTRY_USER}" \
+ --password "${TRIVY_REGISTRY_PASSWORD}" \
+ --scanners "${TRIVY_IMAGE_SCANNERS}" \
+ --vex "${TRIVY_VEX}" \
+ --exit-code 1 \
+ --severity "${TRIVY_SEVERITY}" \
+ --ignore-unfixed \
+ ${TRIVY_IGNORE_ARGS} \
+ --no-progress \
+ "${image}"; then
+ failed=1
+ fi
+ elif ! trivy \
image \
--scanners "${TRIVY_IMAGE_SCANNERS}" \
--vex "${TRIVY_VEX}" \
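Review bot: `TRIVY_REGISTRY_PASSWORD` is added to the job-level `env:` (the block that sits next to `steps:`), so the registry password is exported into the environment of every step in this job, not only the Trivy scan step that consumes it. That follows the existing `GIT_TOKEN` precedent, but it means any later step and any tooling it runs can read the secret. Unless another step needs it, I would scope both lines to the scan step by moving them under `- name: Scan Docker images for vulnerabilities` as `env:` / `TRIVY_REGISTRY_USER: ${{ vars.TRIVY_REGISTRY_USER }}` / `TRIVY_REGISTRY_PASSWORD: ${{ secrets.TRIVY_REGISTRY_PASSWORD }}`. The job definition and its other steps are outside the hunk, so whether a deploy step pulls from the same registry cannot be confirmed from here.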
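Review bot: `--password "${TRIVY_REGISTRY_PASSWORD}"` places the registry secret on the trivy command line, where it is readable from the process table by anything else running on the runner for the duration of the scan and would be printed verbatim if this script is ever run under `set -x`; the runner's log masking only covers the job log, not argv. Trivy's CLI reference lists `TRIVY_USERNAME` and `TRIVY_PASSWORD` as the environment-variable form of `--username`/`--password`, so exporting those when the pair is set keeps the secret out of argv and also removes the need for the duplicated `if`/`elif` trivy invocation — the pre-existing single call can stay unchanged. The `while … done < images.txt` loop and the step's `run:` block that enclose this code start and end outside the hunk, so the export belongs once before the loop (or next to the guard that already validates the pair) rather than per image.

```shell
if [ -n "${TRIVY_REGISTRY_USER:-}" ]; then
  # Trivy reads TRIVY_USERNAME/TRIVY_PASSWORD as the env-var form of
  # --username/--password; exporting them keeps the password off argv.
  export TRIVY_USERNAME="${TRIVY_REGISTRY_USER}"
  export TRIVY_PASSWORD="${TRIVY_REGISTRY_PASSWORD}"
fi
# … unchanged: the single original `if ! trivy image --scanners … "${image}"; then failed=1; fi` call …
```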
@@ -147,12 +170,12 @@ jobs:
${TRIVY_IGNORE_ARGS} \
--no-progress \
"${image}"; then
- failed=1
+ failed=1
fi
done < images.txt
if [ "$failed" -ne 0 ]; then
- echo "WARNING: High or critical vulnerabilities were found in one or more Docker images. Deployment stopped."
+ echo "WARNING: One or more Docker image scans failed or found ${TRIVY_SEVERITY} vulnerabilities. Deployment stopped."
exit 1
fi