Aqua Security Scanner 2.0
Minimum Jenkins requirement: 1.625.3
ID: aqua-security-scanner

Installs: 55
Last released: 8 months ago
Maintainers
norbyltd
Dependencies
No dependencies found

Description

Adds a Build Step for scanning Docker images, local or hosted on registries, for security vulnerabilities, using the API provided by Aqua Security.

Prerequisites for the plugin to be operational

  1. Docker must be installed on the same machine as Jenkins, because the scanner itself is deployed via a Docker container.
  2. The jenkins user must be added to the docker group so it has permission to run Docker:

    sudo usermod -aG docker jenkins

    The machine should be rebooted for the above to take effect.
  3. Ensure Aqua's scanner-cli image exists on this machine:

    sudo docker pull <full name of Aqua's scanner image>
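
The three prerequisites above can be checked before the first build with a short preflight script. This is an added example, not part of the plugin or of Aqua's tooling; the function names are hypothetical, and the user name and image name are passed as arguments because the page does not give the image's full name.

```shell
#!/bin/sh
# Added example: preflight for the three prerequisites above.
# Usage: sh preflight.sh <jenkins user> <full name of Aqua's scanner image>

# in_group USER GROUP: succeeds if USER is listed in GROUP.
# id reads the group database, so a Jenkins process started before the
# usermod change still lacks the group until the reboot described above.
in_group() {
    for g in $(id -nG "$1" 2>/dev/null); do
        if [ "$g" = "$2" ]; then return 0; fi
    done
    return 1
}

# image_present IMAGE: succeeds if IMAGE is in the local Docker image store.
image_present() {
    docker image inspect "$1" >/dev/null 2>&1
}

# preflight USER IMAGE: prints one line per failed prerequisite and
# returns the number of failures (0 means all three are met).
preflight() {
    user=$1 image=$2 failures=0
    if ! command -v docker >/dev/null 2>&1; then
        echo "FAIL: docker is not installed on this machine"
        failures=$((failures + 1))
    fi
    if ! in_group "$user" docker; then
        echo "FAIL: user '$user' is not in the docker group"
        failures=$((failures + 1))
    fi
    if ! image_present "$image"; then
        echo "FAIL: image '$image' is not present locally (docker pull it)"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Run only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Membership in the docker group gives an account root-equivalent control of the host through the Docker daemon, so keep that group on the Jenkins machine limited to the accounts that need it.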

Usage of plugin in Jenkins

  • In the global configuration page ("Manage Jenkins"/"Configure System") in the section for this plugin, enter values for the Aqua API url, the user name, the password and a timeout value in seconds. The build step will fail if scanning does not terminate within the timeout value. A value of 0 will cause the default timeout value, 300 seconds, to be used.
  • In the configuration page for your project, add an "Aqua Security" step from the "Add build step" dropdown list. Choose between a local image or a hosted image. Enter the image path (including the tag) of the image that is to be scanned, and in the case of a hosted image, also enter the registry name. These values can be entered with $VARIABLE syntax on environment variables. You can also determine whether non-compliance with Aqua policy results in a build failure or not.

Changelog:

Version 2.0 (February 6, 2017)

  • Two new checkboxes in the step definition control whether base image vulnerabilities are hidden (for hosted images only) and whether negligible vulnerabilities are shown.
  • Additional options for the "docker run" command running the scanner can be specified in the "Configure System" page.
  • If the plugin has not been configured in the "Configure System" page, a message is displayed directing the user to do so.
  • Multiple Aqua Scanner steps in a build are now supported, each resulting in its own output.

Version 1.3.3 (October 15, 2016)

  • A shell command can be specified to run when the scanned image does not comply with Aqua policy.

Version 1.3.2 (September 11, 2016)

  • Bug fix: could not run steps from 1.3 without re-saving configuration.

Version 1.3.1 (August 22, 2016)

  • In the build page, icons now display the scan results.
  • The artifacts are now archived automatically and there is no need for the "Archive the artifacts" post-build step.
  • In the build step, you can decide whether the build fails or not, when the scanned image does not comply with Aqua policy.

Version 1.3 (July 29, 2016)

  • Aqua's scanner image can be set in the global configuration.
  • Artifact is now an HTML report.

Version 1.1 (June 19, 2016)

  • First release.