FlexDeploy can be configured to automatically build and scan Docker images as part of your build workflow. If you run your container directly on a Docker runtime, that can be configured here as well.

Info: Getting Started

For a full walkthrough of setting up a FlexDeploy Container Project deploying to Kubernetes via Helm, check out this Getting Started guide.


Optionally, a path to a Dockerfile can be provided. If it is empty, a default Dockerfile in the project source checkout folder is expected. If the checkout folder is empty, then a Dockerfile is expected in the root of the FD_TEMP_DIR. A Dockerfile must be present to build an image. This behavior changed slightly in 5.0.3 beta. Previously, the location was expected to be in FD_TEMP_DIR/FD_PROJECT_NAME.

...

Setting: Scan Image
Input Type: Selection
Description:
  • No Scan - No scan will take place
  • Before Push - The built image will be scanned prior to pushing it to a registry
  • After Push - The built image will be scanned after pushing it to a registry. Note that if Push Image is false, the image will be scanned regardless.
Example: BEFORE_PUSH

Setting: Fail When
Input Type: Groovy
Description: An optional Groovy script to determine if the scan should fail. See the Anchore Plugin for a list of variables and sample scripts. If the script evaluates to true (i.e. a failure), the image building process will halt and the workflow execution will fail.
Example: STATUS == "fail"

Setting: Custom Policy Bundle
Input Type: Plain Text
Description: Anchore uses "policy bundles" to define analysis/scanning criteria. You can provide a custom bundle here defining your own scanning requirements. You can reference an absolute path on your Docker build server or a relative location in your source control for the image.
Example: anchore/customPolicy.json


Info: Windows Scanning

At this time, inline (local) image scanning is not supported on Windows.


Info: Pre-deploy Scanning

The configuration shown here executes the scan during the BUILD workflow. Another option is to execute the scan as a Pre-deploy Workflow. This has the added benefit of creating approval tasks from the scan results.


Container Settings/Deploy

...