The following plugin provides functionality available through
Pipeline-compatible steps. Read more about how to integrate steps into your
Pipeline in the
Steps
section of the
Pipeline Syntax
page.
For a list of other such plugins, see the
Pipeline Steps Reference
page.
Anchore Container Image Scanner Plugin
anchore
: Anchore Container Image Scanner
name : String
Name of the file that contains a list of container images for anchore to analyze, evaluate policy, and run queries against. The format for each line is "imageId /path/to/Dockerfile", where the Dockerfile is optional. This file must be made available (created by a prior step) to Anchore Container Image Scanner plugin.
annotations
(optional)
Array / List of Nested Object
key : String
value : String
autoSubscribeTagUpdates : boolean
(optional)
If selected or set to 'true', the Anchore Container Image Scanner step will instruct Anchore Enterprise to automatically begin watching the added tag for updates from registry. Default value: 'true'
bailOnFail : boolean
(optional)
If selected or set to 'true', the Anchore Container Image Scanner step will cause the build to fail if the policy evaluation result is FAIL. Default value: 'true'
bailOnPluginFail : boolean
(optional)
If selected or set to 'true', the Anchore Container Image Scanner step will cause the build to fail if the plugin encounters an error. Default value: 'true'
engineCredentialsId : String
(optional)
engineRetries : String
(optional)
Number of polling attempts spaced at 5 second intervals spent waiting for the Anchore Enterprise operation to complete.
engineurl : String
(optional)
engineverify : boolean
(optional)
excludeFromBaseImage : boolean
(optional)
If selected or set to 'true', any match in the Policy or Vulnerability results where Inherited From Base == true will be excluded from the final results tables. This will NOT affect the final policy evaluation status, but will remove inherited vulnerabilities from the final results. This is useful for filtering out inherited vulnerabilities from the final results, as they are not actionable for the image being scanned. However, it is important to note that inherited vulnerabilities are still important to understand the full risk profile of the image. Default value: 'false'
forceAnalyze : boolean
(optional)
If selected or set to 'true', the Anchore Container Image Scanner step will instruct Anchore Enterprise to force analyze the image. Default value: 'false'
policyBundleId : String
(optional)
ID of the policy bundle on Anchore Enterprise to be used for policy evaluations. If empty, the policy bundle marked active on Anchore Enterprise will be used by default.
Was this page helpful?
Please submit your feedback about this page through this
quick form.
Alternatively, if you don't wish to complete the quick form, you can simply
indicate if you found this page helpful?
See existing feedback here.