View Aqua Security Scanner on the plugin site for more information.
Adds a Build Step for scanning Docker images, local or hosted on registries, for security vulnerabilities, using the API provided by Aqua Security.
Prerequisites for the plugin to be operational
- Docker must be installed on the same machine as Jenkins, because the scanner itself is deployed via a Docker container.
- The jenkins user must be added to the docker group so it has permission to run Docker:
- The machine should be rebooted for the above to take effect.
- Ensure Aqua's scanner-cli image exists on this machine.
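A preflight check for the three prerequisites above, as an added example that is not part of the plugin or its documentation. It assumes the service account is named jenkins; SCANNER_IMAGE is a placeholder to replace with the scanner-cli image reference you actually use, and the usermod hint is the common Linux command, not one taken from this page.

```shell
#!/bin/sh
# Added example: verify the plugin prerequisites before configuring a build step.
# Assumptions: account name "jenkins"; SCANNER_IMAGE is a placeholder value.
SCANNER_IMAGE="${SCANNER_IMAGE:-REPLACE_ME/scanner-cli:TAG}"
JENKINS_USER="${JENKINS_USER:-jenkins}"

# in_group "<space-separated group names>" <group>
# Exact-match test, so a group such as "dockerroot" does not count as "docker".
in_group() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Prints one line per prerequisite; the return value is the number of failures.
check_prereqs() {
    failures=0

    if command -v docker >/dev/null 2>&1; then
        echo "OK    docker binary found"
    else
        echo "FAIL  docker is not installed on this machine"
        failures=$((failures + 1))
    fi

    # id -nG reads the group database: it shows configured membership.
    # A Jenkins process that is already running keeps its old groups until
    # it is restarted, which is why the reboot step is listed above.
    # Note: docker group membership is root-equivalent access to the host.
    grp_list=$(id -nG "$JENKINS_USER" 2>/dev/null)
    if in_group "$grp_list" docker; then
        echo "OK    $JENKINS_USER is in the docker group"
    else
        echo "FAIL  $JENKINS_USER is not in the docker group (commonly: usermod -aG docker $JENKINS_USER)"
        failures=$((failures + 1))
    fi

    if docker image inspect "$SCANNER_IMAGE" >/dev/null 2>&1; then
        echo "OK    scanner image $SCANNER_IMAGE is present locally"
    else
        echo "FAIL  scanner image $SCANNER_IMAGE not found locally"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Run the checks only when invoked with --run, e.g.: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then check_prereqs; fi
```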
Usage of plugin in Jenkins
- In the global configuration page ("Manage Jenkins"/"Configure System"), in the section for this plugin, enter values for the Aqua API URL, the user name, the password and a timeout value in seconds. The build step will fail if scanning does not terminate within the timeout value. A value of 0 will cause the default timeout value, 300 seconds, to be used.
- In the configuration page for your project, add an "Aqua Security" step from the "Add build step" dropdown list. Choose between a local image or a hosted image. Enter the image path (including the tag) of the image that is to be scanned, and in the case of a hosted image, also enter the registry name. These values can be entered with $VARIABLE syntax on environment variables. You can also determine whether non-compliance with Aqua policy results in a build failure or not.
Version 3.0.7 (June 18, 2018)
- Adding support for --no-verify (do not verify TLS certificates).
Version 3.0.6 (May 13, 2018)
- Adding multiple images artifact archive support.
Version 3.0.5 (April 30, 2018)
- Bug fix: Fixing policy not saved on UI.
- Bug fix: Fixing password masking when runOptions is set.
- Adding support to register remote images.
Version 3.0.3 (April 9, 2018)
- Bug fix: the plugin archived the entire working directory.
Version 3.0 (March 19, 2018)
- Support for Jenkins pipeline.
Version 2.0 (February 6, 2017)
- Two new checkboxes in the step definition control whether base image vulnerabilities are hidden (for hosted images only) and whether negligible vulnerabilities are shown.
- Additional options for the "docker run" command running the scanner can be specified in the "Configure System" page.
- If the plugin has not been configured in the "Configure System" page, a message is displayed directing the user to do so.
- Multiple Aqua Scanner steps in a build are now supported, each resulting in its own output.
Version 1.3.3 (October 15, 2016)
- A shell command to be run when the scanned image does not comply with Aqua policy can be specified.
Version 1.3.2 (September 11, 2016)
- Bug fix: could not run steps from 1.3 without re-saving configuration.
Version 1.3.1 (August 22, 2016)
- In the build page, there are now icons displaying the scan results.
- The artifacts are now archived automatically and there is no need for the "Archive the artifacts" post-build step.
- In the build step, you can decide whether or not the build fails when the scanned image does not comply with Aqua policy.
Version 1.3 (July 29, 2016)
- Aqua's scanner image can be set in the global configuration.
- Artifact is now an HTML report.
Version 1.1 (June 19, 2016)
- First release.