Anchore Container Image Scanner
Version: 1.0.11
Minimum Jenkins requirement: 1.625.3
ID: anchore-container-scanner

Installs: 34
Last released: 15 days ago
Maintainers: Daniel Nurmi

Plugin Information

Plugin ID: anchore-container-scanner
Latest Release: 1.0.11 (archives)
Latest Release Date: Sep 09, 2017
Required Core: 1.625.3
Dependencies: structs (version:1.5)
Source Code: GitHub
Issue Tracking: Open Issues
Pull Requests: Pull Requests
Maintainer(s): Daniel Nurmi (id: nurmi)

Usage

Installations

2016-Oct 7
2016-Nov 13
2016-Dec 13
2017-Jan 16
2017-Feb 15
2017-Mar 18
2017-Apr 20
2017-May 25
2017-Jun 26
2017-Jul 31
2017-Aug 34

Description

Allows users to add a build step to run the Anchore container image scanner.

Anchore Jenkins Plugin

Anchore is a container inspection and analytics platform that enables operators to analyze and inspect container images, perform security scans on them, and evaluate custom policies against them. The Anchore Jenkins plugin lets Jenkins users add a build step to a Jenkins job that automates running an anchore analysis, evaluating custom anchore policies against images, and performing anchore image security scans.

Once the plugin is installed, one of two modes must be selected (Manage Jenkins -> Configure System -> Anchore Plugin Mode). The first configures the plugin to use a direct anchore scanner, which must be installed on each Jenkins worker node. The second configures the plugin to interact with the anchore engine service API, where the anchore engine has been installed with its service API accessible from the worker nodes. The initial configuration and usage differ depending on which mode you select.

Anchore Engine Mode (recommended)

In this mode, the usage model generally conforms to the following flow:

1) A Jenkins job builds a container image and pushes the image to a registry that is pre-configured in the anchore engine service (see pre-requisites below).
2) The anchore build step interacts with the anchore engine by 'adding' the image (which instructs the anchore engine to pull the image from the registry), and then performs a policy evaluation check on the image. The build step can optionally be configured to fail the build if the policy evaluation results in a 'STOP' action.
3) The plugin stores the resulting policy evaluation results with the job, for later inspection/review.

Pre-Requisites:

1) The anchore engine service must be installed within your environment, with its service API accessible from all Jenkins workers. See https://github.com/anchore/anchore-engine to get started.
2) A Docker registry must exist and be configured within the anchore engine, because in this mode the plugin instructs the anchore engine to pull images from a registry.
3) All authentication credentials and anchore engine API endpoint information must be available as input to the plugin at configuration time.

For more information and guides about installing, configuring, and running the Anchore Jenkins plugin, please refer to the documentation in the open-source project wiki at https://github.com/anchore/anchore/wiki/Anchore-and-Jenkins-Integration

Anchore Local Mode

In this mode, the usage model generally conforms to the following flow:

1) A Jenkins job builds a container image on some worker node, and the name of the locally available image is written to a file (default anchore_images).
2) The anchore build step reads the images from the anchore_images file and performs analysis/policy evaluation by calling out to a locally running container with anchore pre-installed (see pre-requisites below). The build step can optionally be configured to fail the build if the policy evaluation results in a 'STOP' action.
3) The plugin stores the resulting policy evaluation and image query results with the job, for later inspection/review.

Pre-Requisites:

1) Jenkins must be installed and configured either as a single system, or with multiple configured Jenkins worker nodes.
2) Each host on which Jenkins jobs will run must have Docker installed, and the jenkins user (or whichever user you have configured Jenkins to run jobs as) must be allowed to interact with Docker (either directly or via sudo).
3) Each host on which Jenkins jobs will run must have the latest anchore container image installed in the local Docker host. To install, run 'docker pull anchore/jenkins:latest' on each Jenkins host to make the image available to the plugin. By default, the plugin starts an instance of the anchore/jenkins:latest Docker container named 'jenkins_anchore' on each host that runs a Jenkins job that includes an anchore container image scanner build step.

For more information about anchore tools, documentation and capabilities, please visit us at http://www.anchore.com or https://github.com/anchore.
