From 9f34c2d544c7cd9ba01bed4ef5b11b0e01644f5d Mon Sep 17 00:00:00 2001
From: Jake Charman
Date: Wed, 4 Jun 2025 21:46:00 +0100
Subject: [PATCH] Scan for vulnerabilities on build

---
 Jenkinsfile | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Jenkinsfile b/Jenkinsfile
index 0ac1e51..b723f7d 100755
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -37,6 +37,14 @@ pipeline {
 }
 }
 
+ stage('Security scan') {
+ steps {
+ sh "docker run --name sectest registry.jakecharman.co.uk/jakecharman.co.uk:$BUILD_NUMNER"
+ sh "docker exec sectest pip3 install pip-audit"
+ sh "docker exec sectest pip-audit"
+ }
+ }
+
 stage('Push to registry') {
 when {
 expression {
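Review bot: The `docker run` line in the new 'Security scan' stage interpolates `$BUILD_NUMNER`, which looks like a typo for Jenkins's `BUILD_NUMBER`; Groovy is unlikely to resolve that name, so the stage would fail before any audit runs instead of scanning the image that the later 'Push to registry' stage publishes. The same line starts the container in the foreground without `-d`, so if the image's entrypoint is long-running the step never returns, and if it exits the two `docker exec` steps hit a stopped container; the fixed name `sectest` is also never removed, so the next build on the same agent would fail on a name conflict. Installing an unpinned `pip-audit` into the container adds its own dependencies to the environment being audited, so pinning a version or auditing from a separate environment would make the result more trustworthy. The sketch below corrects the tag, detaches the container and removes it in a stage-level `post` block; the tag format is assumed to match what the build stage outside this hunk produces.

```groovy
stage('Security scan') {
    steps {
        sh "docker run -d --name sectest-${env.BUILD_NUMBER} registry.jakecharman.co.uk/jakecharman.co.uk:${env.BUILD_NUMBER}"
        sh "docker exec sectest-${env.BUILD_NUMBER} pip3 install pip-audit"
        sh "docker exec sectest-${env.BUILD_NUMBER} pip-audit"
    }
    post {
        always {
            // Remove the scan container even when pip-audit reports findings.
            sh "docker rm -f sectest-${env.BUILD_NUMBER}"
        }
    }
}
```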