From b2d9ea5aaeff45a350195a18c14108b55432ede4 Mon Sep 17 00:00:00 2001
From: pleibling
Date: Tue, 30 Dec 2025 18:40:07 +0000
Subject: [PATCH] =?UTF-8?q?playbooks/trivy=5Fdocker=5Fscan.yml=20hinzugef?= =?UTF-8?q?=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 playbooks/trivy_docker_scan.yml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 playbooks/trivy_docker_scan.yml
diff --git a/playbooks/trivy_docker_scan.yml b/playbooks/trivy_docker_scan.yml
new file mode 100644
index 0000000..342b895
--- /dev/null
+++ b/playbooks/trivy_docker_scan.yml
@@ -0,0 +1,30 @@
+---
+- name: Docker Image Security Scan mit Trivy
+ hosts: docker_nodes
+ become: yes
+ tasks:
+ - name: Sicherstellen, dass Trivy installiert ist (Ubuntu)
+ ansible.builtin.shell: |
+ if ! command -v trivy &> /dev/null; then
+ apt-get install -y wget apt-transport-https gnupg lsb-release
+ wget -qO - https://aquasecurity.github.io/trivy-repo/dabest.gpg | gpg --dearmor -o /usr/share/keyrings/trivy.gpg
+ echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list
+ apt-get update
+ apt-get install -y trivy
+ fi
+ args:
+ executable: /bin/bash
+
+ - name: Scan eines Test-Images (nginx:latest)
+ ansible.builtin.command:
+ cmd: trivy image --format json --output /tmp/scan_result.json nginx:latest
+ register: scan_output
+
+ - name: Zeige Scan-Zusammenfassung im Log
+ ansible.builtin.command:
+ cmd: trivy image --severity HIGH,CRITICAL nginx:latest
+ register: trivy_summary
+
+ - name: Ergebnis ausgeben
+ ansible.builtin.debug:
+ msg: "{{ trivy_summary.stdout_lines }}"
\ No newline at end of file
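Review bot: The summary task runs `trivy image --severity HIGH,CRITICAL nginx:latest` with no `--exit-code`, so HIGH/CRITICAL findings are only echoed by the final debug task and the play succeeds whatever the scan reports; change that line to `cmd: trivy image --severity HIGH,CRITICAL --exit-code 1 nginx:latest` (adding `ignore_errors: true` or a `failed_when:` if the play is meant to report only) so a finding shows up as a task failure rather than a log line. The signing key is fetched from `.../trivy-repo/dabest.gpg`, which does not look like the repository's published key path — verify it against the Trivy apt install instructions, because with a wrong key `apt-get update` rejects the `signed-by` repository and the install step fails. `become: yes` should be `become: true`, the shell task reports changed on every run even when the `command -v trivy` guard skips the install (add `changed_when: false` or move to `ansible.builtin.apt_repository`/`ansible.builtin.apt`), and `register: scan_output` is never read. The JSON report goes to the fixed, shared path `/tmp/scan_result.json`; a per-run directory on the node, or fetching the report back with the registered result, avoids clobbering by another user of the host.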