Use new scanner inline binary
This commit uses the new inline scanning binary for the Sysdig Vuln
Management engine released in April 2022. Without this commit, the
example image would be scanned with the old method, which will
eventually be phased out.
trlinkin committed May 5, 2022
1 parent 254b473 commit e9c20e5
Showing 1 changed file with 16 additions and 9 deletions.
25 changes: 16 additions & 9 deletions Jenkinsfile
Expand Up @@ -20,12 +20,7 @@ spec:
- name: var-run
mountPath: /var/run
- name: jnlp
securityContext:
runAsUser: 0
fsGroup: 0
volumeMounts:
- name: var-run
mountPath: /var/run
image: jenkins/inbound-agent:4.6-1
volumes:
- emptyDir: {}
Expand Down Expand Up @@ -54,14 +49,26 @@ spec:
steps {
container("dind") {
sh "docker build -f Dockerfile -t ${params.DOCKER_REPOSITORY} ."
sh "echo ${params.DOCKER_REPOSITORY} > sysdig_secure_images"
}
}
}
stage('Scanning Image Prep') {
steps {
container("jnlp") {
sh '''
curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner"
chmod +x ./sysdig-cli-scanner
'''
}
}
}
stage('Scanning Image') {
steps {
// This will always be executed in the JNLP container
sysdig engineCredentialsId: 'sysdig-secure-api-credentials', name: 'sysdig_secure_images', inlineScanning: true
withCredentials([usernamePassword(credentialsId: 'sysdig-secure-api-credentials', passwordVariable: 'SECURE_API_TOKEN', usernameVariable: '')]) {
container("dind") {
sh "./sysdig-cli-scanner --apiurl https://secure.sysdig.com ${params.DOCKER_REPOSITORY} --policy sysdig-best-practices -u --detailed-policies-eval"
}
}
}
}
}
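Review bot: The 'Scanning Image Prep' stage downloads whatever version `latest_version.txt` names at build time and marks it executable with no integrity check, and that binary then runs with `SECURE_API_TOKEN` in its environment. Pin the scanner to a reviewed version and verify a digest before the `chmod`, e.g. `curl -fsSLO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/${SCANNER_VERSION}/linux/amd64/sysdig-cli-scanner"` followed by `echo "${SCANNER_SHA256}  sysdig-cli-scanner" | sha256sum -c -`, where `SCANNER_VERSION` and `SCANNER_SHA256` are placeholders for values set in the pipeline. Adding `-f` also stops an HTTP error page from being saved and later executed as the scanner. Separately, the scan step (like the build step above it) builds its command in a double-quoted Groovy string, so `params.DOCKER_REPOSITORY` is spliced into the shell line unquoted. A single-quoted `sh` that reads `"$DOCKER_REPOSITORY"` from the environment would keep the parameter a single argument.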