View NeuVector Vulnerability Scanner on the plugin site for more information.
Scan registries and images for vulnerabilities using this plug-in with the NeuVector scanner.
* If you use this plugin to scan local images (before pushing to any registries), you will have to install the NeuVector Scanner on the node where the images exist.
* If you use this plugin to scan registry images (after pushing to any registries), the NeuVector Scanner can be installed on any node in the network with connectivity between the registry, NeuVector Scanner, and Jenkins.
Setup the configuration in Jenkins
1. After installing the plugin, find the ‘NeuVector Vulnerability Scanner’ section in the global configuration page (Jenkins ‘Configure System’). Enter values for the NeuVector Controller IP, port, username, and password. You may click the ‘Test Connection’ button to validate the values. It will show ‘Connection Success’ or an error message.
The timeout minutes value will terminate the build step within the time entered. The default value of 0 means no timeout will occur.
Click the ‘Add Registry’ to enter values for the registry you will use in your project. If you will be only scanning local images, you don’t need to add a registry here.
2. In your project, choose the 'NeuVector Vulnerability Scanner' plugin from the drop down menu in the 'Add build step'. Choose Local or a registry name which is the nickname you entered in global config. Enter the repository and image tag name to be scanned. You may choose Jenkins default environment variables for the repository or tag. e.g. $JOB_NAME, $BUILD_TAG, $BUILD_NUMBER. Enter the values for the number of high or medium, and for any name of the vulnerabilities present to fail the build.
After the build is finished, a NeuVector report will be generated. It will show the scan details and errors if any.
Version 1.0 (June 1, 2018)
Version 1.1 (July 19, 2018)
- Add no vulnerabilities found case.
Version 1.2 (July 20, 2018)
- Update for no scan entity case.