This operation will scan a locally built docker image and return the scan results as plugin outputs. The scan report will also be saved in the reports directory as ScanResults.json so it can be viewed later on.
Inputs
Input Name | Input Code | Required | Description |
---|---|---|---|
Image Name | FDANCR_INP_IMAGE_NAME | Yes | The full image tag of the locally built image you want to scan. For example ubuntu:16.06 or myuser/myimage:latest |
Groovy Fail Condition | FDANCR_INP_SCAN_FAIL_CONDITION | No | Optional Groovy script that determines whether the scan should fail the workflow. Available variables include all FlexDeploy environment variables and the scan result variables. See more information here for configuring the Groovy Fail Condition. |
Policy File | FDANCR_INP_POLICY_FILE | No | A custom Anchore Policy Bundle to set your own scan/analysis metrics. See Defining Custom Policy Bundles below. |
Scan Timeout | FDANCR_INP_TIMEOUT | No | By default the scan will time out if it exceeds 900 seconds (15 minutes). This is likely more than enough time, but the timeout can be increased here if needed. |
Outputs
See the main plugin page for outputs and groovy script validation.
...
You can define your own scanning criteria by creating a JSON file following these specifications. After creating the custom policy you have two main options:

1. Store the policy JSON in source control next to your Dockerfile.
   In this case your Policy File input will look like the following:
2. Store the policy JSON in an absolute location on your Docker build server. This can be useful if you want all of your images to use the same policy bundle.
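As an added example (not code from the FlexDeploy or Anchore documentation), the following Python script builds a small custom policy bundle, checks that its internal references are consistent, and writes it to a file that can then be committed next to the Dockerfile or placed at an absolute path on the build server. The bundle layout (policies, rules with gate/trigger/action/params, whitelists, mappings) is assumed to follow the Anchore Engine policy bundle format, since the linked specification is not reproduced on this page; the rule ids, the file name `anchore-policy.json`, and the two sample rules (stop on High or worse vulnerabilities, warn when the image runs as root) are constructed for illustration.

```python
import json
import uuid


def make_bundle(name="flexdeploy-custom-policy"):
    """Build a minimal policy bundle.

    The structure is assumed from the Anchore Engine bundle format; the rule
    ids and the two rules themselves are constructed sample content.
    """
    policy_id = str(uuid.uuid4())
    return {
        "id": str(uuid.uuid4()),
        "version": "1_0",
        "name": name,
        "comment": "Constructed sample policy bundle",
        "policies": [{
            "id": policy_id,
            "version": "1_0",
            "name": "fail-on-high-cves",
            "rules": [
                {   # STOP when any package carries a vulnerability rated High or above
                    "id": "rule-vuln-high",
                    "gate": "vulnerabilities",
                    "trigger": "package",
                    "action": "STOP",
                    "params": [
                        {"name": "package_type", "value": "all"},
                        {"name": "severity_comparison", "value": ">="},
                        {"name": "severity", "value": "high"},
                    ],
                },
                {   # WARN when the image's effective user is root
                    "id": "rule-root-user",
                    "gate": "dockerfile",
                    "trigger": "effective_user",
                    "action": "WARN",
                    "params": [
                        {"name": "users", "value": "root"},
                        {"name": "type", "value": "blacklist"},
                    ],
                },
            ],
        }],
        "whitelists": [],
        # One mapping that applies the policy to every registry/repository/tag
        "mappings": [{
            "id": str(uuid.uuid4()),
            "name": "default",
            "registry": "*",
            "repository": "*",
            "image": {"type": "tag", "value": "*"},
            "policy_id": policy_id,
            "whitelist_ids": [],
        }],
        "whitelisted_images": [],
        "blacklisted_images": [],
    }


def validate_bundle(bundle):
    """Return a list of problems found; an empty list means the bundle is consistent.

    A bundle whose mapping points at a non-existent policy id is silently
    useless, so this is the check worth running before the file is committed.
    """
    problems = []
    for key in ("id", "version", "name", "policies", "whitelists", "mappings"):
        if key not in bundle:
            problems.append(f"missing top-level key: {key}")
    policy_ids = {p.get("id") for p in bundle.get("policies", [])}
    whitelist_ids = {w.get("id") for w in bundle.get("whitelists", [])}
    if not bundle.get("mappings"):
        problems.append("no mappings: no image would ever be evaluated")
    for m in bundle.get("mappings", []):
        if m.get("policy_id") not in policy_ids:
            problems.append(f"mapping {m.get('name')} references unknown policy {m.get('policy_id')}")
        for wid in m.get("whitelist_ids", []):
            if wid not in whitelist_ids:
                problems.append(f"mapping {m.get('name')} references unknown whitelist {wid}")
    for p in bundle.get("policies", []):
        for r in p.get("rules", []):
            if r.get("action") not in {"GO", "WARN", "STOP"}:
                problems.append(f"rule {r.get('id')} has invalid action {r.get('action')}")
    return problems


def write_bundle(path, bundle):
    """Validate and then write the bundle as pretty-printed JSON; returns the path."""
    problems = validate_bundle(bundle)
    if problems:
        raise ValueError("; ".join(problems))
    with open(path, "w") as fh:
        json.dump(bundle, fh, indent=2)
    return path


if __name__ == "__main__":
    print(write_bundle("anchore-policy.json", make_bundle()))
```

Point the Policy File input at the written file (a repository-relative path for option 1, or the absolute path on the build server for option 2). The validator only checks the bundle's own wiring; whether a given gate, trigger, or parameter name is accepted is decided by the Anchore version doing the scan.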