
This operation scans a locally built Docker image and returns the scan results as plugin outputs. The scan report is also saved in the reports directory as ScanResults.json so it can be viewed later.

Inputs

| Input Name | Input Code | Required | Description |
|---|---|---|---|
| Image Name | FDANCR_INP_IMAGE_NAME | Yes | The full image tag of the locally built image you want to scan. For example, ubuntu:16.06 or myuser/myimage:latest. |
| Groovy Fail Condition | FDANCR_INP_SCAN_FAIL_CONDITION | No | Optional Groovy script to determine if the scan should fail the workflow. Available variables include all FlexDeploy environment variables and the following scan result variables: STATUS, FINAL_ACTION, STOP_COUNT, WARN_COUNT, ALL_COUNTS. See more information here for configuring the Groovy Fail Condition. |
| Policy File | FDANCR_INP_POLICY_FILE | No | A custom Anchore Policy Bundle to set your own scan/analysis metrics. See Defining Custom Policy Bundles below. |
| Scan Timeout | FDANCR_INP_TIMEOUT | No | By default the scan will time out if it exceeds 900 seconds (15 min). This is likely more than enough time, but the timeout can be increased here if needed. |

Outputs

See the main plugin page for outputs and Groovy script validation.

Artifacts

This operation delegates the consume/produce artifacts decision to the workflow developer.

Endpoint Selection

This operation delegates endpoint selection to the workflow developer.

Endpoint Execution

This operation delegates endpoint execution to the workflow developer.

Special Considerations

Defining Custom Policy Bundles

You can define your own scanning criteria by creating a JSON file following these specifications. After creating the custom policy you have two main options:

  1. Store the policy JSON in source control next to your Dockerfile

    • In this case your Policy File input will look like the following:

  2. Store the policy JSON in an absolute location on your Docker build server. This can be useful if you want all of your images to use the same policy bundle.
