The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Anchore Container Image Scanner Plugin

anchore: Anchore Container Image Scanner

  • name : String
    Name of the file that contains a list of container images for Anchore to analyze, evaluate policy, and run queries against. The format for each line is "imageId /path/to/Dockerfile", where the Dockerfile is optional. This file must be made available (created by a prior step) to the Anchore Container Image Scanner plugin.
  • annotations (optional)
      Array / List of Nested Object
    • key : String
    • value : String
  • autoSubscribeTagUpdates : boolean (optional)
    If selected or set to 'true', the Anchore Container Image Scanner step will instruct Anchore Enterprise to automatically begin watching the added tag for updates from the registry. Default value: 'true'
  • bailOnFail : boolean (optional)
    If selected or set to 'true', the Anchore Container Image Scanner step will cause the build to fail if the policy evaluation result is FAIL. Default value: 'true'
  • bailOnPluginFail : boolean (optional)
    If selected or set to 'true', the Anchore Container Image Scanner step will cause the build to fail if the plugin encounters an error. Default value: 'true'
  • engineCredentialsId : String (optional)
  • engineRetries : String (optional)
    Number of polling attempts, spaced at 5-second intervals, spent waiting for the Anchore Enterprise operation to complete.
  • engineurl : String (optional)
    Anchore Enterprise URL
  • engineverify : boolean (optional)
  • excludeFromBaseImage : boolean (optional)
    If selected or set to 'true', any match in the Policy or Vulnerability results where Inherited From Base == true will be excluded from the final results tables. This does NOT affect the final policy evaluation status; it only removes inherited vulnerabilities from the final results. This is useful because inherited vulnerabilities are not actionable for the image being scanned. However, inherited vulnerabilities are still important for understanding the full risk profile of the image. Default value: 'false'
  • forceAnalyze : boolean (optional)
    If selected or set to 'true', the Anchore Container Image Scanner step will instruct Anchore Enterprise to force analyze the image. Default value: 'false'
  • policyBundleId : String (optional)
    ID of the policy bundle on Anchore Enterprise to be used for policy evaluations. If empty, the policy bundle marked active on Anchore Enterprise will be used by default.
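
The parameters above combined into one scan stage, as an added example that is not taken from the plugin's own documentation. The image reference, Anchore Enterprise URL and credentials ID are placeholders, and the example assumes the image has already been pushed to a registry that Anchore Enterprise can reach.

```groovy
// Added example: declarative Jenkinsfile stage that gates a build on the
// Anchore policy result. All names and URLs below are placeholders.
pipeline {
    agent any
    environment {
        // Constructed image reference (assumption), tagged with the build number.
        IMAGE = "registry.example.com/team/app:${env.BUILD_NUMBER}"
    }
    stages {
        stage('Anchore scan') {
            steps {
                // The step reads a file with one image per line in the form
                // "imageId /path/to/Dockerfile"; the Dockerfile part is optional.
                writeFile file: 'anchore_images',
                          text: "${env.IMAGE} ${env.WORKSPACE}/Dockerfile\n"

                anchore name: 'anchore_images',
                        // Placeholder URL and Jenkins credentials ID (assumptions).
                        engineurl: 'https://anchore.example.com',
                        engineCredentialsId: 'anchore-enterprise-creds',
                        // A String, not a number: 120 polls at 5-second
                        // intervals is a 10-minute wait for analysis.
                        engineRetries: '120',
                        // Fail the build on a FAIL policy evaluation.
                        bailOnFail: true,
                        // Fail the build if the plugin itself errors, so a
                        // broken scan cannot pass the gate silently.
                        bailOnPluginFail: true,
                        // Keep findings inherited from the base image in the
                        // results tables so the full risk profile is visible.
                        excludeFromBaseImage: false,
                        forceAnalyze: false,
                        autoSubscribeTagUpdates: true,
                        // Nested key/value objects are passed as a list of maps.
                        annotations: [[key: 'build_url', value: env.BUILD_URL]]
                        // policyBundleId is omitted, so the policy bundle
                        // marked active on Anchore Enterprise is used.
            }
        }
    }
}
```

Setting bailOnPluginFail to 'false' lets the build continue when the scan could not run at all, so a passing build then no longer implies a passing policy evaluation.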
