Provides Jenkins integration with Deep Security Smart Check.
- In Jenkins, go to Manage Jenkins > Manage Plugins
- Select the "Available" tab
- Search for "Deep Security Smart Check"
In your pipeline script:
withCredentials([
usernamePassword([
credentialsId: "example-registry-auth",
usernameVariable: "REGISTRY_USER",
passwordVariable: "REGISTRY_PASSWORD",
])
]){
smartcheckScan([
imageName: "registry.example.com/my-project/my-image",
smartcheckHost: "smartcheck.example.com",
smartcheckCredentialsId: "smartcheck-auth",
imagePullAuth: new groovy.json.JsonBuilder([
username: REGISTRY_USER,
password: REGISTRY_PASSWORD,
]).toString(),
])
}-
smartcheckHost
- The hostname of the Deep Security Smart Check deployment. Example:
smartcheck.example.com
- The hostname of the Deep Security Smart Check deployment. Example:
-
insecureSkipTLSVerify
- If the client should ignore certificate errors when connecting to Deep Security Smart Check. You may want to set this if you've configured a self signed cert.
-
smartcheckCredentialsId
- The credentials to authenticate with the Deep Security Smart Check deployment. This must be a "Username with password" credential.
-
imageName
- The name of the image to scan
-
imagePullAuth
-
A JSON object of credentials for authenticating with the registry to pull the image from. Example:
smartcheckScan([ imagePullAuth: new groovy.json.JsonBuilder([ username: REGISTRY_USER, password: REGISTRY_PASSWORD, ]).toString(), //... ])See creating a scan in the Deep Security Smart Check API Reference for additional registry credentials options.
-
-
insecureSkipRegistryTLSVerify
- If Deep Security Smart Check should ignore certificate errors from the image registry.
-
preregistryScan
- Specify this option to trigger a "pre-registry scan", which pushes the image to a temporary registry on the scan system.
-
preregistryHost
- The hostname of the temporary registry. Defaults to the
smartcheckHoston port 5000.
- The hostname of the temporary registry. Defaults to the
-
preregistryCredentialsId
- The credentials to authenticate with the temporary registry. This must be a "Username with password" credential.
-
resultsFile - default:
scan-results.json- The path to write the scan results to
-
findingsThreshold
-
A JSON object that can be used to fail this step if an image contains findings that exceed the threshold.
Example with default values:
smartcheckScan([ //... findingsThreshold: new groovy.json.JsonBuilder([ malware: 0, vulnerabilities: [ defcon1: 0, critical: 0, high: 0, ], contents: [ defcon1: 0, critical: 0, high: 0, ], checklists: [ defcon1: 0, critical: 0, high: 0, ], ]).toString(), ])Schema:
interface FindingsThreshold { malware?: number; contents?: { defcon1?: number; critical?: number; high?: number; medium?: number; low?: number; negligible?: number; unknown?: number; }; vulnerabilities?: { defcon1?: number; critical?: number; high?: number; medium?: number; low?: number; negligible?: number; unknown?: number; }; checklists?: { defcon1?: number; critical?: number; high?: number; medium?: number; low?: number; negligible?: number; unknown?: number; }; }
-
Deep Security Smart Check can scan your images before they are pushed to your
production registry. If you have enabled pre-registry scanning on your Deep
Security Smart Check instance, you can add the preregistryScan and
preregistryCredentialsId parameters to the smartcheckScan method:
smartcheckScan([
imageName: "registry.example.com/my-project/my-image",
smartcheckHost: "smartcheck.example.com",
smartcheckCredentialsId: "smartcheck-auth",
preregistryScan: true,
preregistryCredentialsId: "preregistry-auth",
])See DEVELOPMENT.md for instructions on getting started.
If you encounter a bug, think of a useful feature, or find something confusing in the docs, please create a new issue!
We ❤️ pull requests. If you'd like to fix a bug, contribute to a feature or just correct a typo, please feel free to do so.
If you're thinking of adding a new feature, consider opening an issue first to discuss it to ensure it aligns to the direction of the project (and potentially save yourself some time!).
Official support from Trend Micro is not available. Individual contributors may be Trend Micro employees, but are not official support.