Scan registries and images for vulnerabilities using this plugin with the NeuVector scanner.
If you use this plugin to scan local images (before pushing to any registries), you will have to install the NeuVector Scanner on the node where the images exist.
If you use this plugin to scan registry images (after pushing to any registries), the NeuVector Scanner can be installed on any node in the network with connectivity between the registry, NeuVector Scanner, and Jenkins.
Set up the configuration in Jenkins
After installing the plugin, find the ‘NeuVector Vulnerability Scanner’ section in the global configuration page (Jenkins ‘Configure System’). Enter values for the NeuVector Scanner source name, controller IP, port, username, and password. You may click the ‘Test Connection’ button to validate the values. It will show ‘Connection Success’ or an error message.
The timeout value, in minutes, terminates the build step once the time entered has elapsed. The default value of 0 means no timeout will occur.
Click ‘Add Registry’ to enter values for the registry you will use in your project. If you will only be scanning local images, you don’t need to add a registry here.
In your project, choose the 'NeuVector Vulnerability Scanner' plugin from the drop-down menu in 'Add build step'. Choose Local or a registry name, which is the nickname you entered in the global configuration. Enter the repository and image tag name to be scanned. You may use Jenkins default environment variables for the repository or tag, e.g. $JOB_NAME, $BUILD_TAG, $BUILD_NUMBER. Enter the number of high or medium vulnerabilities that will fail the build, the names of vulnerabilities that fail the build when present, and the names of vulnerabilities that are exempt from the scan.
When the build finishes, a NeuVector report will be generated. It will show the scan details and errors if any.
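The sketch below is an added example, not the plugin's own code. It shows how the four build-step inputs described above (high count, medium count, names that fail the build, exempt names) can combine into a pass/fail decision. The names `GatePolicy` and `evaluate`, the report shape, and the evaluation order (exemptions applied first, a threshold tripping once the count reaches it) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class GatePolicy:
    # Mirrors the four build-step inputs; field names are hypothetical.
    high_to_fail: Optional[int] = None    # None = no threshold on high findings
    medium_to_fail: Optional[int] = None  # None = no threshold on medium findings
    names_to_fail: frozenset = frozenset()
    names_exempt: frozenset = frozenset()


def evaluate(findings, policy):
    """Return (passed, reasons) for a list of {'name', 'severity'} findings."""
    norm = lambda s: s.strip().upper()
    exempt = {norm(n) for n in policy.names_exempt}
    must_fail = {norm(n) for n in policy.names_to_fail}
    # Assumption: exempt names are dropped before any counting or matching,
    # so an exemption also overrides a fail-on-name entry for the same name.
    kept = [f for f in findings if norm(f["name"]) not in exempt]
    reasons = []
    for sev, limit in (("High", policy.high_to_fail),
                       ("Medium", policy.medium_to_fail)):
        count = sum(1 for f in kept if f["severity"].lower() == sev.lower())
        # Assumption: the build fails once the count reaches the threshold.
        if limit is not None and count >= limit:
            reasons.append(f"{count} {sev} findings (threshold {limit})")
    hits = sorted({norm(f["name"]) for f in kept} & must_fail)
    reasons += [f"{name} present" for name in hits]
    return (not reasons, reasons)


# Constructed sample report; the names are placeholders, not real scan output.
SAMPLE = [
    {"name": "CVE-0000-0001", "severity": "High"},
    {"name": "CVE-0000-0002", "severity": "High"},
    {"name": "CVE-0000-0003", "severity": "Medium"},
    {"name": "CVE-0000-0004", "severity": "Low"},
]

if __name__ == "__main__":
    policy = GatePolicy(high_to_fail=2,
                        names_exempt=frozenset({"cve-0000-0002"}))
    print(evaluate(SAMPLE, policy))
```

Each exempt name lowers the counts the thresholds see, so every entry in the exempt list is worth reviewing as a recorded risk acceptance.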
See GitHub releases
1.9 (September 14, 2020)
- Support to exempt CVE names from Jenkins scan
1.8.1 (March 05, 2020)
- Update ChangeLogs
1.8 (March 04, 2020)
- Migrate to GitHub docs
1.7 (March 03, 2020)
- Add source name to scanner's global setting
- Report Jenkins build user, job name and workspace.
1.6 (September 21, 2019)
- Use secret for password.
1.5 (July 1, 2019)
- Support layer scan.
1.4 (April 16, 2019)
- Support multiple build steps in one Jenkins build.
1.3 (September 24, 2018)
- Update long poll status code.
1.2 (July 20, 2018)
- Update for no scan entity case.
1.1 (July 19, 2018)
- Add no vulnerabilities found case.
1.0 (June 1, 2018)
- First release.