This operation will scan a locally built docker image and return the scan results as plugin outputs. The scan report will also be saved in the reports directory as ScanResults.json so it can be viewed later on.

Inputs

Input Name	Input Code	Required	Description

Input Name	Input Code	Required	Description
Image Name	`FDANCR_INP_IMAGE_NAME`	Yes	The full image tag of the locally built image you want to scan. For example ubuntu:16.06 or myuser/myimage:latest
Groovy Fail Condition	`FDANCR_INP_SCAN_FAIL_CONDITION`	No	Optional groovy script to determine if the scan should fail the workflow. Available variables include all FlexDeploy environment variables and the following scan result variables: STATUS FINAL_ACTION STOP_COUNT WARN_COUNT ALL_COUNTS See more information here for configuring the Groovy Fail Condition.
Policy File	`FDANCR_INP_POLICY_FILE`	No	A custom Anchore Policy Bundle to set your own scan/analysis metrics. See Defining Custom Policy Bundles below.
Scan Timeout	`FDANCR_INP_TIMEOUT`	No	By default the scan will timeout if it exceeds 900 seconds (15min). This is likely more than enough time but the timeout can be increased here if needed.

Outputs

Artifacts

This operation delegates the consume/produce artifacts decision to the workflow developer.

Endpoint Selection

This operation delegates the selection to the workflow developer to determine.

Endpoint Execution

This operations delegates the execution to the workflow developer to decide.

Special Considerations

Defining Custom Policy Bundles

You can define your own scanning criteria by creating a json file following these specifications. After creating the custom policy you have two main options:

Store the policy json in source control next to your Dockerfile
- In this case your Policy File input will look like the following:
Store the policy json in an absolute location on your docker build server. This can be useful if you want all of your images to use the same policy bundle.

FlexDeploy 8.0

scanLocalImage (Anchore)