This operation scans a locally built Docker image and returns the scan results as plugin outputs. The scan report is also saved in the reports directory as ScanResults.json so it can be viewed later.

Inputs

| Input Name | Input Code | Required | Description |
|---|---|---|---|
| Image Name | FDANCR_INP_IMAGE_NAME | Yes | The full image tag of the locally built image you want to scan, for example ubuntu:16.06 or myuser/myimage:latest. |
| Groovy Fail Condition | FDANCR_INP_SCAN_FAIL_CONDITION | No | Optional Groovy script to determine if the scan should fail the workflow. Available variables include all FlexDeploy environment variables and the following scan result variables: STATUS, FINAL_ACTION, STOP_COUNT, WARN_COUNT, ALL_COUNTS. See more information here for configuring the Groovy Fail Condition. |
| Policy File | FDANCR_INP_POLICY_FILE | No | A custom Anchore Policy Bundle to set your own scan/analysis metrics. See Defining Custom Policy Bundles below. |
| Scan Timeout | FDANCR_INP_TIMEOUT | No | By default the scan will time out if it exceeds 900 seconds (15 minutes). This is likely more than enough time, but the timeout can be increased here if needed. |

Outputs

...

Legacy Anchore Scanning Outputs and Groovy Conditions

Artifacts

This operation delegates the consume/produce artifacts decision to the workflow developer.

...

You can define your own scanning criteria by creating a JSON file following these specifications. After creating the custom policy you have two main options:

  1. Store the policy JSON in source control next to your Dockerfile.

    • In this case your Policy File input will look like the following:

    • [Screenshot: Policy File input]
  2. Store the policy JSON in an absolute location on your Docker build server. This can be useful if you want all of your images to use the same policy bundle.

    • [Screenshot: Policy File input]
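A pre-flight check for a custom policy bundle before it is used as the Policy File input, as an added example that is not part of the FlexDeploy or Anchore documentation. It assumes the Anchore Engine bundle layout (policies whose rules carry gate, trigger and action; mappings that reference policies through policy_ids or policy_id); SAMPLE_BUNDLE and lint_bundle are names constructed for illustration.

```python
import json

VALID_ACTIONS = ("STOP", "WARN", "GO")

# Constructed sample bundle (assumed Anchore Engine layout, not from the page).
SAMPLE_BUNDLE = json.loads("""
{"id": "example-bundle", "name": "Example bundle", "version": "1_0",
 "policies": [{"id": "policy1", "name": "Default", "version": "1_0", "rules": [
    {"id": "r1", "gate": "vulnerabilities", "trigger": "package", "action": "STOP",
     "params": [{"name": "package_type", "value": "all"},
                {"name": "severity_comparison", "value": ">="},
                {"name": "severity", "value": "high"}]},
    {"id": "r2", "gate": "dockerfile", "trigger": "effective_user", "action": "WARN",
     "params": [{"name": "users", "value": "root"},
                {"name": "type", "value": "blacklist"}]}]}],
 "whitelists": [],
 "mappings": [{"id": "m1", "name": "default", "registry": "*", "repository": "*",
               "image": {"type": "tag", "value": "*"},
               "policy_ids": ["policy1"], "whitelist_ids": []}]}
""")

def lint_bundle(bundle):
    """Return (findings, action_counts) for a parsed policy bundle dict."""
    findings, counts = [], {a: 0 for a in VALID_ACTIONS}
    for key in ("id", "version", "policies", "mappings"):
        if key not in bundle:
            findings.append(f"missing top-level key: {key}")
    policy_ids = set()
    for policy in bundle.get("policies", []):
        policy_ids.add(policy.get("id"))
        for rule in policy.get("rules", []):
            action = str(rule.get("action", "")).upper()
            if action in counts:
                counts[action] += 1
            else:
                findings.append(f"rule {rule.get('id')}: unknown action {action!r}")
            for field in ("gate", "trigger"):
                if not rule.get(field):
                    findings.append(f"rule {rule.get('id')}: missing {field}")
    for mapping in bundle.get("mappings", []):
        # Older bundles use a single policy_id, newer ones a policy_ids list.
        refs = mapping.get("policy_ids") or [mapping.get("policy_id")]
        for ref in refs:
            if ref not in policy_ids:
                findings.append(f"mapping {mapping.get('id')}: unknown policy {ref!r}")
    if counts["STOP"] == 0:
        findings.append("bundle has no STOP rules")
    return findings, counts

if __name__ == "__main__":
    print(lint_bundle(SAMPLE_BUNDLE))
```

Running the check on the policy JSON in source control, before the build, catches a mapping that points at a missing policy or a bundle with no STOP rules before any image is scanned against it.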