The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Amazon Inspector Scanner

amazonInspector: Amazon Inspector Scan

  • archivePath : String

    Image Id Guidance:

    The image can be local, remote, or archived. Image names should follow the Docker naming convention.

    • Local or remote containers: NAME[:TAG|@DIGEST]
    • Tar file: /path/to/image.tar

    For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

  • artifactPath : String
  • archiveType : String
  • osArch : boolean
  • iamRole : String
  • awsRegion : String
  • credentialId : String

    Used inside the plugin to pull the password from Jenkins' credential store. Only required if the image being scanned is located in a private repository requiring credentials to access.

  • awsProfileName : String
  • awsCredentialId : String

    Optional. Allows you to specify AWS credentials explicitly instead of having them be pulled from your system. If this option is omitted, AWS credentials will be obtained via the default provider chain.

    Credentials must be added to the credential store as the "AWS Credentials" type.

    For more info: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default

  • sbomgenSelection : String

    Automatic (Recommended): Allows the plugin to download the most recently released version of inspector-sbomgen. This ensures you always have the latest features, security updates, and bug fixes. Requires selection of the operating system and CPU architecture in use.

    Manual: Requires a path to a pre-downloaded version of inspector-sbomgen to be supplied.

    For more info: https://docs.aws.amazon.com/inspector/latest/user/sbom-generator.html

  • sbomgenPath : String
  • countCritical : int
  • countHigh : int
  • countMedium : int
  • countLow : int
  • oidcCredentialId : String
  • sbomgenSkipFiles : String

    Specifies one or more files or directories to exclude from scanning. Separate the paths with commas, for example: build/, node_modules/, tests/

    For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

  • epssThreshold : double
  • suppressedCveList : String
  • isSuppressedCveEnabled : boolean

    CVE suppression list: Specify CVEs to exclude from threshold calculations and EPSS assessment. Suppressed CVEs appear in reports but won't cause build failures.

    For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

  • isAutoFailCveEnabled : boolean

    CVE auto-fail list: Specify CVEs that will always fail the build when detected, regardless of other threshold settings. Provides zero-tolerance enforcement for specific high-risk vulnerabilities.

    For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

  • autoFailCveList : String
  • isThresholdEnabled : boolean (optional)

    Enables vulnerability thresholds, EPSS assessment, and CVE ignore functionality for comprehensive security evaluation.

    Vulnerability Thresholds: Specifies whether scanned vulnerabilities exceeding a value will cause a build failure.

    EPSS Assessment: EPSS scores range from 0 to 1; enter a value between 0 and 1 (e.g., 0.6).

    Ignore CVE: Specify CVEs to exclude from threshold calculations and EPSS assessment. Ignored CVEs appear in reports but won't cause build failures.

    For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

  • isEpssEnabled : boolean (optional)
  • isEpssThresholdEnabled : boolean (optional)

    EPSS threshold: EPSS scores range from 0 to 1; enter a value between 0 and 1 (e.g., 0.6).

    For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

  • isSeverityThresholdEnabled : boolean (optional)

    Severity thresholds: Specifies whether scanned vulnerabilities exceeding a value will cause a build failure.

    For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

  • reportArtifactName : String (optional)

    Specify a custom name for the generated report artifact. This helps uniquely identify and manage reports, especially when building multiple images.

    For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html
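
The severity counts (countCritical, countHigh, countMedium, countLow), epssThreshold, suppressedCveList and autoFailCveList all feed one pass/fail decision. The Python sketch below is an added example that models that decision as the descriptions above state it; it is not the plugin's code. The names `Finding`, `parse_cve_list` and `evaluate_gate` are hypothetical, and the comma-separated list format, the comparison operators and the precedence of auto-fail over suppression are assumptions.

```python
# Added illustration: models the gate semantics described on this page.
# Not the plugin's source; precedence and comparison operators are assumptions.
from dataclasses import dataclass

SEVERITIES = ("critical", "high", "medium", "low")

@dataclass
class Finding:
    cve: str
    severity: str   # one of SEVERITIES
    epss: float     # EPSS score in the range 0..1

def parse_cve_list(raw):
    """Split a comma-separated CVE string (assumed format) into a normalized set."""
    return {item.strip().upper() for item in (raw or "").split(",") if item.strip()}

def evaluate_gate(findings, *, counts, epss_threshold=None,
                  suppressed="", auto_fail=""):
    """Return (passed, reasons). counts maps severity -> maximum tolerated findings."""
    if epss_threshold is not None and not 0.0 <= epss_threshold <= 1.0:
        raise ValueError("epssThreshold must be between 0 and 1")
    suppressed_set, auto_fail_set = parse_cve_list(suppressed), parse_cve_list(auto_fail)
    reasons = []
    # Auto-fail is checked first: it fails the build regardless of other settings.
    # Assumption: it also wins when the same CVE is on the suppression list.
    for f in findings:
        if f.cve.upper() in auto_fail_set:
            reasons.append(f"auto-fail CVE present: {f.cve}")
    # Suppressed CVEs stay in the report but are excluded from both gates below.
    counted = [f for f in findings if f.cve.upper() not in suppressed_set]
    for sev in SEVERITIES:
        n = sum(1 for f in counted if f.severity == sev)
        if sev in counts and n > counts[sev]:   # "exceeding" read as strictly greater
            reasons.append(f"{sev}: {n} findings exceed limit {counts[sev]}")
    if epss_threshold is not None:
        for f in counted:
            if f.epss >= epss_threshold:        # assumption: at-or-above fails
                reasons.append(f"EPSS {f.epss} >= {epss_threshold}: {f.cve}")
    return (not reasons, reasons)

# Constructed sample findings (placeholder CVE ids, not real scan output).
SAMPLE = [
    Finding("CVE-0000-0001", "critical", 0.02),
    Finding("CVE-0000-0002", "high", 0.71),
    Finding("CVE-0000-0003", "high", 0.10),
    Finding("CVE-0000-0004", "low", 0.01),
]
```

Running the same findings with and without a suppression list shows how much a single suppressed entry can change the outcome, which is why suppression lists deserve the same review as the thresholds themselves.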

