Legacy Anchore Scanning Outputs and Groovy Conditions
- Karl Henselin
Each operation in this plugin supplies the option to configure a Groovy script to determine if the scan results are inacceptable and should fail the operation. Below is a list of variables available to the Groovy script.
Each of these variables is also available as a plugin output
Groovy Variable | Plugin Output | Description | Example |
|---|---|---|---|
STATUS |
| Overall status of the scan/analysis. This is ultimately determined by the policy bundle that is used. Possible values are pass or fail. | fail |
FINAL_ACTION |
| Similar to the status, this provides the recommended action for the image. | stop |
STOP_COUNT |
| An integer count of the number of STOP rules detected for the image | 2 |
WARN_COUNT |
| An integer count of the number of WARN rules detected for the image | 10 |
ALL_COUNTS |
| A full list of all counts returned | [STOP:2, WARN:10, GO:37] |
 |  | All other FlexDeploy Variables are also available in the Groovy Script Condition |  |
Example Groovy Script Conditions
The most common use case lets the policy bundle unequivocally determine failure.
STATUS == "fail"No warn or stop checks found
(STOP_COUNT + WARN_COUNT) != 0A script that is more lenient on non-master stream builds (could be only master stream is pushed to the registry and other streams are for local testing).
//master is not allowed any stop checks whereas every other stream can have 5 or less FDBLD_STREAM_NAME == "master" ? STOP_COUNT > 0 : STOP_COUNT > 5
- style