analyzeLocalImage (Anchore)
This operation will scan a locally built Docker image and upload the results to an Anchore Engine installation. If you only want to scan and not upload the results, see scanLocalImage. By default, the analyze operations do not return the analyzed results, but that behavior can be changed by selecting Wait For Results.
Inputs
Input Name | Input Code | Required | Description |
---|---|---|---|
Anchore User | FDANCR_INP_USER | Yes | The Anchore User used when uploading the results. |
Anchore Password | FDANCR_INP_PASSWORD | Yes | The Anchore Password used when uploading the results. |
Anchore Url | FDANCR_INP_URL | Yes | The API URL for the Anchore Engine install. Typically http://yourhost:8228/v1 |
Image Name | FDANCR_INP_IMAGE_NAME | Yes | The full image tag to analyze. For example ubuntu:16.06 or myuser/myimage:latest |
Wait For Results | FDANCR_INP_WAIT_FOR_RESULTS | Yes | Should the plugin wait for the results or simply start the upload and complete. If you want to use the Groovy Fail Condition or Plugin Outputs this needs to be true. |
Groovy Fail Condition | FDANCR_INP_SCAN_FAIL_CONDITION | No | Optional Groovy script to determine if the scan should fail the workflow. Available variables include all FlexDeploy environment variables and the scan result variables. See more information here for configuring the Groovy Fail Condition. |
Scan Timeout | FDANCR_INP_TIMEOUT | No | By default the scan will time out if it exceeds 900 seconds (15 min). This is likely more than enough time, but the timeout can be increased here if needed. |
Outputs
See the main plugin page for outputs and Groovy script validation.
These outputs will only be returned if Wait For Results is true.
Artifacts
This operation delegates the consume/produce artifacts decision to the workflow developer.
Endpoint Selection
This operation delegates endpoint selection to the workflow developer.
Endpoint Execution
This operation delegates endpoint execution to the workflow developer.
Special Considerations
Anchore Engine Image Tags
This plugin uses Anchore CI Tools to perform local scanning/analyzing. Anchore Engine requires images to be pushed to a registry prior to analyzing. The Anchore CI Tools get around this by starting a temporary local Anchore container with a 'localbuild' registry. This allows you to scan and analyze images directly after building on your local Docker engine.
What this means is that any images analyzed via this operation will be tagged in Anchore Engine with a localbuild registry, like so:
```
#local image
company/ourapp:latest

#image tag in Anchore Engine
localbuild/company/ourapp:latest
```