The Anchore Plugin offers several operations to enhance container scanning in your devops pipeline. Anchore is specifically targeted at image scanning, unlike some of the other tools such as Docker Bench Security, which make it a perfect match to your image building CI process.
For those inexperienced with Anchore, the scanLocalImage operation is just where to start. This operation doesn't require any prerequisites other than having docker installed. For those looking scan and publish results to an existing Anchore Engine installation, analyzeLocalImage and analyzeImage are what you are looking for.
This plugin uses Anchore CI Tools to perform local scanning. Anchore requires images to pushed to a registry prior to analyzing. The Anchore CI Tools get around this by starting a temporary local Anchore container with a 'localbuild' registry. This allows you to scan and analyze images directly after building on your local docker engine. |
Anchore is FlexDeploy's preferred choice when it comes to container scanning. As such, you can configure your project to scan the specified image without any configuration other than setting the below properties:
For more information on the properties outlined above and all of the Project Container Configuration see here.