This operation will scan a locally built Docker image and upload the results to an Anchore Engine installation. If you are just looking to scan and not upload the results, see scanLocalImage. By default, the analyze operations do not return the analyzed results, but that behavior can be changed by selecting Wait For Results.

Inputs

| Input Name | Input Code | Required | Description |
|---|---|---|---|
| Anchore User | FDANCR_INP_USER | Yes | The Anchore User used when uploading the results. |
| Anchore Password | FDANCR_INP_PASSWORD | Yes | The Anchore Password used when uploading the results. |
| Anchore Url | FDANCR_INP_URL | Yes | The API url for the Anchore Engine install. Typically, http://yourhost:8228/v1 |
| Image Name | FDANCR_INP_IMAGE_NAME | Yes | The full image tag to analyze. For example, ubuntu:16.06 or myuser/myimage:latest |
| Wait For Results | FDANCR_INP_WAIT_FOR_RESULTS | Yes | Should the plugin wait for the results or simply start the upload and complete. If you want to use the Groovy Fail Condition or Plugin Outputs this needs to be true. |
| Groovy Fail Condition | FDANCR_INP_SCAN_FAIL_CONDITION | No | Optional groovy script to determine if the scan should fail the workflow. Available variables include all FlexDeploy environment variables and the following scan result variables: STATUS, FINAL_ACTION, STOP_COUNT, WARN_COUNT, ALL_COUNTS. See more information here for configuring the Groovy Fail Condition. |
| Scan Timeout | FDANCR_INP_TIMEOUT | No | By default, the scan will timeout if it exceeds 900 seconds (15min). This is likely more than enough time, but the timeout can be increased here if needed. |

Outputs

See the main plugin page for outputs and groovy script validation.

These outputs will only be returned if Wait For Results is true.

Artifacts

This operation delegates the consume/produce artifacts decision to the workflow developer.

Endpoint Selection

This operation delegates the endpoint selection to the workflow developer to determine. The workflow editor will default the selection to "All", which selects all available endpoints associated with the target. Selecting a specific resource will result in selection of the endpoints associated with the target which have that resource defined.

Endpoint Execution

This operation delegates the endpoint execution to the workflow developer to decide. The workflow editor will default to "Any", which will execute on any one of the selected endpoints, which will be randomly picked from the selected endpoints or a specific endpoint where a previous step may have executed. Changing this value to "All" will result in execution on all selected endpoints.

Special Considerations

Anchore Engine Image Tags

This plugin uses Anchore CI Tools to perform local scanning/analyzing. Anchore Engine requires images to be pushed to a registry prior to analyzing. The Anchore CI Tools get around this by starting a temporary local Anchore container with a 'localbuild' registry. This allows you to scan and analyze images directly after building on your local Docker engine.

What this means is that any images analyzed via this operation will be tagged in Anchore Engine with a localbuild registry, like so: 

```bash
#local image
company/ourapp:latest

#image tag in Anchore Engine
localbuild/company/ourapp:latest
```