sap-jenkins-library/documentation/docs/steps/protecodeExecuteScan.md
Christopher Fenner 173b453d84
refactor(protecode): add explicit parameter for Docker config.json file (#1914)
* add dedicated property to handle docker config file

* switch to dockerConfigJSON in groovy

* use DockerConfigJSON

* add secret reference

* Update protecode.yaml

* Update protecode.yaml

* improve docs

* update generated sources
2020-08-12 14:57:11 +02:00


${docGenStepName}

${docGenDescription}

Prerequisites

  1. Create a username/password credential for the Protecode user in your Jenkins credential store.
  2. Look up your group ID via the REST API, for example `curl -u <username> "https://<protecode host>/api/groups/"`.

If the image is stored in a protected registry, you can provide a Docker config.json file containing the credentials for that registry. Create it as explained in the Docker Success Center article on generating a new auth entry in the config.json file.
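As an added example (not part of the original documentation and not code from the jenkins-library project), the following Go program writes a minimal Docker config.json of the kind described above. The registry host, user name and password are placeholders; the `auths` map with a base64-encoded `user:password` in the `auth` field is the layout `docker login` itself writes, so any registry client reads it. The file is written with owner-only permissions because it is a reusable registry credential.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// dockerAuth is one entry under "auths" in a Docker config.json. Registry
// clients decode the "auth" field as base64("<user>:<password>").
type dockerAuth struct {
	Auth string `json:"auth"`
}

// dockerConfig is the subset of config.json that registry authentication needs.
type dockerConfig struct {
	Auths map[string]dockerAuth `json:"auths"`
}

// registryAuth encodes user and password the way `docker login` stores them.
func registryAuth(user, password string) string {
	return base64.StdEncoding.EncodeToString([]byte(user + ":" + password))
}

// buildDockerConfig renders a config.json document with a single registry entry.
func buildDockerConfig(registry, user, password string) ([]byte, error) {
	cfg := dockerConfig{Auths: map[string]dockerAuth{
		registry: {Auth: registryAuth(user, password)},
	}}
	return json.MarshalIndent(cfg, "", "  ")
}

// writeDockerConfig writes the document to path with owner-only permissions:
// the file is a reusable registry credential and must not be world-readable.
func writeDockerConfig(path, registry, user, password string) error {
	data, err := buildDockerConfig(registry, user, password)
	if err != nil {
		return err
	}
	return os.WriteFile(path, data, 0o600)
}

func main() {
	// Constructed placeholder values; replace them with the registry that
	// hosts the image to be scanned and a user that may pull it.
	path := filepath.Join(os.TempDir(), "protecode-docker-config.json")
	if err := writeDockerConfig(path, "registry.example.com", "alice", "s3cret"); err != nil {
		fmt.Fprintln(os.Stderr, "write config:", err)
		os.Exit(1)
	}
	fmt.Println("wrote", path)
}
```

Point the step at the resulting file through the Docker config.json parameter listed in the parameter table; do not commit the file, since the `auth` value is only encoded, not encrypted.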

${docGenParameters}

Details

  • The Protecode scan step can send a file addressed via the parameter filePath to the backend to scan it for known vulnerabilities.
  • Alternatively, an HTTP URL can be specified via fetchUrl; Protecode then downloads the artifact from there and scans it.
  • To scan a Docker image, provide scanImage with a Docker-like URL pointing to the image tag in the registry being used.
  • To receive the result, the step polls until the scan job completes.
  • Once the job has completed, a PDF report is pulled from the backend and archived with the build.
  • Finally, the scan result is analysed for critical findings with a CVSS v3 score >= 7.0; if such findings are detected, the build is failed depending on the configuration setting failOnSevereVulnerabilities.
  • During the analysis, all CVEs that have been triaged are ignored and will not cause the build to fail.
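To make the gating rule concrete, here is an added Go example (not the step's own implementation) of the decision the last two points describe: a finding counts against the build only if it is not triaged and its CVSS v3 score is at or above 7.0, and the build is failed only when failOnSevereVulnerabilities is on. The finding struct and the sample result with placeholder CVE IDs are constructed for this example; the real Protecode result format is not shown on this page.

```go
package main

import (
	"fmt"
	"sort"
)

// finding is a simplified, hypothetical view of one vulnerability in a scan
// result; the page does not show the real Protecode result format.
type finding struct {
	CVE     string
	CVSS3   float64
	Triaged bool
}

// severeThreshold is the CVSS v3 score from which a finding fails the build.
const severeThreshold = 7.0

// severeFindings returns the findings that count against the build: CVSS v3
// score at or above the threshold, excluding anything already triaged.
func severeFindings(findings []finding) []finding {
	var severe []finding
	for _, f := range findings {
		if f.Triaged {
			continue // a triage decision is an explicit acceptance; it never fails the build
		}
		if f.CVSS3 >= severeThreshold { // 7.0 itself is severe
			severe = append(severe, f)
		}
	}
	// Highest score first, so the report leads with the worst finding.
	sort.Slice(severe, func(i, j int) bool { return severe[i].CVSS3 > severe[j].CVSS3 })
	return severe
}

// evaluate applies the failOnSevereVulnerabilities switch: severe findings are
// always reported, but they fail the build only when the switch is on.
func evaluate(findings []finding, failOnSevere bool) (fail bool, severe []finding) {
	severe = severeFindings(findings)
	return failOnSevere && len(severe) > 0, severe
}

func main() {
	// Constructed sample result with placeholder IDs, covering the edge cases:
	// a triaged critical, a finding exactly on the threshold, one just below it.
	sample := []finding{
		{CVE: "CVE-0000-0001", CVSS3: 9.8, Triaged: true},
		{CVE: "CVE-0000-0002", CVSS3: 7.0},
		{CVE: "CVE-0000-0003", CVSS3: 6.9},
		{CVE: "CVE-0000-0004", CVSS3: 8.1},
	}
	fail, severe := evaluate(sample, true)
	for _, f := range severe {
		fmt.Printf("severe: %s (CVSS v3 %.1f)\n", f.CVE, f.CVSS3)
	}
	fmt.Println("fail build:", fail)
}
```

With the sample above, the 9.8 finding is skipped because it is triaged, 6.9 falls below the threshold, and the 8.1 and 7.0 findings fail the build when the switch is on; with the switch off they are still reported but the build passes.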

${docGenConfiguration}