Mirror of https://github.com/SAP/jenkins-library.git (synced 2025-01-04 04:07:16 +02:00, commit 173b453d84)
* add dedicated property to handle docker config file * switch to dockerConfigJSON in groovy * use DockerConfigJSON * add secret reference * Update protecode.yaml * Update protecode.yaml * improve docs * update generated sources
${docGenStepName}
${docGenDescription}
Prerequisites
- Create a Username / Password credential with the Protecode user in your Jenkins credential store.
- Look up your Group ID via the REST API: `curl -u <username> "https://<protecode host>/api/groups/"`.

If the image is on a protected registry you can provide a Docker config.json file containing the credential information for the registry. You can create it as explained in the Docker Success Center article on how to generate a new auth entry in the config.json file.
${docGenParameters}
Details
- The Protecode scan step can send a file addressed via parameter `filePath` to the backend, which scans it for known vulnerabilities.
- Alternatively an HTTP URL can be specified via `fetchUrl`. Protecode will then download the artifact from there and scan it.
- To scan a docker image, provide `scanImage` with a docker-like URL pointing to the image tag within the docker registry being used.
- To receive the result the step polls until the job completes.
- Once the job has completed a PDF report is pulled from the backend and archived in the build.
- Finally the scan result is analysed for critical findings with a CVSS v3 score >= 7.0; if such findings are detected the build is failed, depending on the configuration setting `failOnSevereVulnerabilities`.
- During the analysis all CVEs which are triaged are ignored and will not provoke the build to fail.
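The analysis rule described above (fail on untriaged findings with CVSS v3 >= 7.0, honouring `failOnSevereVulnerabilities`), as an added example that is not the step's own code. The JSON layout of the scan result, the CVE identifiers and the field names are constructed assumptions for illustration, not the real Protecode response format.

```python
import json

# Constructed sample result (assumed layout, not the real Protecode format):
# components carrying vulnerabilities with a CVSS v3 score and a triage list.
SAMPLE_RESULT = json.loads("""
{"results": {"components": [
  {"lib": "openssl", "version": "1.0.2", "vulns": [
    {"vuln": {"cve": "CVE-EXAMPLE-0001", "cvss3_score": "9.8"}, "triage": []},
    {"vuln": {"cve": "CVE-EXAMPLE-0002", "cvss3_score": "7.5"},
     "triage": [{"scope": "CH", "reason": "not affected"}]}
  ]},
  {"lib": "zlib", "version": "1.2.11", "vulns": [
    {"vuln": {"cve": "CVE-EXAMPLE-0003", "cvss3_score": "5.3"}, "triage": []}
  ]}
]}}
""")

SEVERE_THRESHOLD = 7.0  # CVSS v3 score from which a finding counts as severe


def severe_findings(result):
    """Return (library, CVE, score) for untriaged findings scoring >= 7.0.

    Triaged CVEs are skipped, matching the step's rule that triaged
    vulnerabilities do not provoke a build failure.
    """
    found = []
    for comp in result["results"]["components"]:
        for entry in comp["vulns"]:
            if entry.get("triage"):  # triaged -> ignored by the analysis
                continue
            score = float(entry["vuln"].get("cvss3_score") or 0)
            if score >= SEVERE_THRESHOLD:
                found.append((comp["lib"], entry["vuln"]["cve"], score))
    return found


def build_should_fail(result, fail_on_severe_vulnerabilities=True):
    """Apply the failOnSevereVulnerabilities setting to the analysed result."""
    return fail_on_severe_vulnerabilities and bool(severe_findings(result))


if __name__ == "__main__":
    for lib, cve, score in severe_findings(SAMPLE_RESULT):
        print(f"severe: {lib} {cve} CVSS v3 {score}")
    print("fail build:", build_should_fail(SAMPLE_RESULT))
```

With the constructed sample only CVE-EXAMPLE-0001 is reported: CVE-EXAMPLE-0002 is severe but triaged, and CVE-EXAMPLE-0003 is below the threshold.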