Add the configuration for the Container Vulnerability Scan below to your pipeline text file.
Open the pipeline for editing under Builds > Pipelines > tasks-pipeline > Actions > Edit.
In your pipeline, add and update the following variables after the version and mvnCmd definitions. Please fill in the values between the quotes.
def ocuser = " "
def ocpass = " "
def ocp = " "
def quayuser = " "
def quaypass = " "
def quayrepo = " "
For example:
def ocuser = "userYOUR#"
def ocpass = "openshift"
def ocp = "masterexample.presidioworkshops.com"
def quayuser = "userYOUR#"
def quaypass = "openshift"
def quayrepo = "jboss-eap70-openshift"
In your pipeline, replace the Jenkins agent ‘maven’ with ‘jenkins-slave-image-mgmt’.
pipeline {
  agent {
    label 'jenkins-slave-image-mgmt'
  }
In your pipeline, add the Vulnerability Scan Stage after the Build Image Stage.
stage('Clair Container Vulnerability Scan') {
  steps {
    // Log in to the OpenShift cluster with the variables defined above
    sh "oc login -u $ocuser -p $ocpass --insecure-skip-tls-verify https://$ocp 2>&1"
    // Copy the built image from the internal OpenShift registry to the Quay repository
    sh 'skopeo --debug copy --src-creds="$(oc whoami)":"$(oc whoami -t)" --src-tls-verify=false --dest-tls-verify=false' + " --dest-creds=$quayuser:$quaypass docker://docker-registry.default.svc:5000/cicd-$ocuser/jboss-eap70-openshift:1.5 docker://quay-enterprise-quay-enterprise.apps.$ocp/$quayuser/$quayrepo:1.5"
  }
}
Save your Jenkinsfile
Go to Builds > Pipelines
Click Start Pipeline for the pipeline you just created called tasks-pipeline.
Your pipeline should now execute through all the stages you created.
Go ahead and click View Log. This will take you to the Jenkins logs and you can follow the various stages in your pipeline.
When it asks to promote to stage, go ahead and promote it.
Select the Repository that was created
Select Repository Tags on the left hand menu
Select the Security Scan for your Image
View the Security Scan Report
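
The scan stage above keeps the OpenShift and Quay passwords in the Jenkinsfile and interpolates them into the sh commands from Groovy, so they end up in source control and can surface in build logs. A hardened variant of that stage follows as an added example (not part of the original workshop). It assumes the Credentials Binding plugin, two username/password entries in the Jenkins credential store with the hypothetical IDs ocp-login and quay-login, and certificates the agent trusts for the cluster and both registries.

```groovy
// Added example: hardened form of the scan stage, not the workshop's own code.
// Assumed (hypothetical): Jenkins credential IDs 'ocp-login' and 'quay-login'.
pipeline {
  agent {
    label 'jenkins-slave-image-mgmt'
  }
  environment {
    // Non-secret settings only; values taken from the page's example
    OCP      = 'masterexample.presidioworkshops.com'
    QUAYREPO = 'jboss-eap70-openshift'
  }
  stages {
    stage('Clair Container Vulnerability Scan') {
      steps {
        // Secrets come from the Jenkins credential store and are masked in the log
        withCredentials([
          usernamePassword(credentialsId: 'ocp-login',
                           usernameVariable: 'OC_USER',
                           passwordVariable: 'OC_PASS'),
          usernamePassword(credentialsId: 'quay-login',
                           usernameVariable: 'QUAY_USER',
                           passwordVariable: 'QUAY_PASS')
        ]) {
          // Single-quoted Groovy string: the shell expands the variables,
          // so Groovy never builds a command line that contains the secrets.
          // TLS verification stays on (no --insecure-skip-tls-verify, no
          // --*-tls-verify=false) and skopeo runs without --debug.
          sh '''
            set +x
            oc login -u "$OC_USER" -p "$OC_PASS" "https://$OCP" >/dev/null
            skopeo copy \
              --src-creds="$(oc whoami):$(oc whoami -t)" \
              --dest-creds="$QUAY_USER:$QUAY_PASS" \
              "docker://docker-registry.default.svc:5000/cicd-$OC_USER/jboss-eap70-openshift:1.5" \
              "docker://quay-enterprise-quay-enterprise.apps.$OCP/$QUAY_USER/$QUAYREPO:1.5"
          '''
        }
      }
    }
  }
}
```

Where the agent does not trust a registry certificate, the page's --src-tls-verify=false or --dest-tls-verify=false flag can be kept for that endpoint only.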