amazonInspector: Amazon Inspector Scan

• archivePath : String

  Image Id Guidance:

  The image can be local, remote, or archived. Image names should follow the Docker naming convention.

  • Local or remote containers: NAME[:TAG|@DIGEST]
  • Tar file: /path/to/image.tar

  For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

• artifactPath : String
• archiveType : String
• osArch : boolean
• iamRole : String
• awsRegion : String
• credentialId : String

  Used inside the plugin to pull the password from Jenkins' credential store. Only required if the image being scanned is located in a private repository requiring credentials to access.

• awsProfileName : String
• awsCredentialId : String

  Optional. Allows you to specify AWS credentials explicitly instead of having them be pulled from your system. If this option is omitted, AWS credentials will be obtained via the default provider chain.

  Credentials must be added to the credential store as the "AWS Credentials" type.

  For more info: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default

• sbomgenSelection : String

  Automatic (Recommended): Allows the plugin to download the most recently released version of inspector-sbomgen. This ensures you always have the latest features, security updates, and bug fixes. Requires selection of the operating system and CPU architecture in use.

  Manual: Requires a path to a pre-downloaded version of inspector-sbomgen to be supplied.

  For more info: https://docs.aws.amazon.com/inspector/latest/user/sbom-generator.html

• sbomgenPath : String
• countCritical : int
• countHigh : int
• countMedium : int
• countLow : int
• oidcCredentialId : String
• sbomgenSkipFiles : String

  Specifies a list of one or more files or directories to exclude from scanning. Each file path should be separated with commas, for example: build/, node_modules/, tests/

  For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

• epssThreshold : double
• suppressedCveList : String
• isSuppressedCveEnabled : boolean

  CVE suppression list: Specify CVEs to exclude from threshold calculations and EPSS assessment. Suppressed CVEs appear in reports but won't cause build failures.

  For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

• isAutoFailCveEnabled : boolean

  CVE auto-fail list: Specify CVEs that will always fail the build when detected, regardless of other threshold settings. Provides zero-tolerance enforcement for specific high-risk vulnerabilities.

  For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

• autoFailCveList : String
• isThresholdEnabled : boolean (optional)

  Enables vulnerability thresholds, EPSS assessment, and CVE ignore functionality for comprehensive security evaluation.

  Vulnerability Thresholds: Specifies whether scanned vulnerabilities exceeding a value will cause a build failure.

  EPSS Assessment: EPSS scores range from 0-1, enter a value between 0 and 1 (e.g., 0.6).

  Ignore CVE: Specify CVEs to exclude from threshold calculations and EPSS assessment. Ignored CVEs appear in reports but won't cause build failures.

  For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

• isEpssEnabled : boolean (optional)
• isEpssThresholdEnabled : boolean (optional)

  EPSS threshold: EPSS scores range from 0-1, enter a value between 0 and 1 (e.g., 0.6).

  For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

• isSeverityThresholdEnabled : boolean (optional)

  Severity thresholds: Specifies whether scanned vulnerabilities exceeding a value will cause a build failure.

  For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

• reportArtifactName : String (optional)

  Specify a custom name for the generated report artifact. This helps uniquely identify and manage reports, especially when building multiple images.

  For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html