FlexDeploy can be configured to automatically build and scan Docker images as part of your build workflow. In cases where you are running your container directly on a Docker runtime, you can automatically configure that here as well.

...

Setting: Scan Image
Input Type: Selection
Description:
  • No Scan - No scan will take place.
  • Before Push - The built image will be scanned prior to pushing it to a registry.
  • After Push - The built image will be scanned after pushing it to a registry. Note that if Push Image is false, then it will be scanned regardless.
Example: BEFORE_PUSH

Setting: Fail When
Input Type: Groovy
Description: An optional Groovy script to determine if the scan should fail. See the Anchore Plugin for a list of variables and sample scripts. If the script evaluates to true (i.e., a failure), the image building process will halt and the workflow execution will fail.
Example: STATUS == "fail"

Setting: Custom Policy Bundle
Input Type: Plain Text
Description: Anchore uses "policy bundles" to define analysis/scanning criteria. You can provide a custom bundle here defining your own scanning requirements. You can reference an absolute path on your Docker build server or a relative location in your source control for the image.
Example: anchore/customPolicy.json
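
A constructed sample of what a custom policy bundle file such as anchore/customPolicy.json could contain (an added example, not FlexDeploy's or Anchore's own bundle). The ids and names are made up, and the gate, trigger and parameter names assume Anchore Engine's policy bundle format, version 1_0.

```json
{
  "id": "example-custom-bundle",
  "version": "1_0",
  "name": "Example custom policy bundle (constructed sample)",
  "policies": [
    {
      "id": "example-policy",
      "version": "1_0",
      "name": "Stop on fixable high or critical vulnerabilities",
      "rules": [
        {
          "id": "rule-vuln-high-fixable",
          "gate": "vulnerabilities",
          "trigger": "package",
          "action": "STOP",
          "params": [
            { "name": "package_type", "value": "all" },
            { "name": "severity_comparison", "value": ">=" },
            { "name": "severity", "value": "high" },
            { "name": "fix_available", "value": "true" }
          ]
        },
        {
          "id": "rule-vuln-medium",
          "gate": "vulnerabilities",
          "trigger": "package",
          "action": "WARN",
          "params": [
            { "name": "package_type", "value": "all" },
            { "name": "severity_comparison", "value": "=" },
            { "name": "severity", "value": "medium" }
          ]
        }
      ]
    }
  ],
  "whitelists": [], "whitelisted_images": [], "blacklisted_images": [],
  "mappings": [
    {
      "id": "mapping-all",
      "name": "default",
      "registry": "*",
      "repository": "*",
      "image": { "type": "tag", "value": "*" },
      "policy_ids": ["example-policy"],
      "whitelist_ids": []
    }
  ]
}
```

In Anchore, a rule with action STOP that triggers makes the policy evaluation fail, while WARN rules are reported without failing it.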


Info: Windows Scanning

At this time, inline (local) image scanning is not supported on Windows.


Info: Pre-deploy Scanning

The configuration shown here executes the scan during the BUILD workflow. Another option is to execute the scan as a Pre-deploy Workflow. This has the added benefit of creating approval tasks from the scan results.


Container Settings/Deploy

...