Skip to content
This repository has been archived by the owner on Jun 4, 2020. It is now read-only.
/ smartcheck-plugin Public archive

Jenkins plugin that requests image scans from Smart Check. This repository is archived, visit https://github.com/jenkinsci/deepsecurity-smartcheck-plugin for latest release.

License

Apache-2.0 license
4 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

deep-security/smartcheck-plugin

BranchesTags

Repository files navigation

Deep Security Smart Check plugin for Jenkins

Provides Jenkins integration with Deep Security Smart Check.

⚠️ This repository is archived, visit https://github.com/jenkinsci/deepsecurity-smartcheck-plugin for latest release.

Installation

  1. In Jenkins, go to Manage Jenkins > Manage Plugins
  2. Select the "Available" tab
  3. Search for "Deep Security Smart Check"

Usage

In your pipeline script:

withCredentials([
    usernamePassword([
        credentialsId: "example-registry-auth",
        usernameVariable: "REGISTRY_USER",
        passwordVariable: "REGISTRY_PASSWORD",
    ])
]){
    smartcheckScan([
        imageName: "registry.example.com/my-project/my-image",
        smartcheckHost: "smartcheck.example.com",
        smartcheckCredentialsId: "smartcheck-auth",
        imagePullAuth: new groovy.json.JsonBuilder([
            username: REGISTRY_USER,
            password: REGISTRY_PASSWORD,
        ]).toString(),
    ])
}

Parameters

  • smartcheckHost

    • The hostname of the Deep Security Smart Check deployment. Example: smartcheck.example.com

  • insecureSkipTLSVerify

    • If the client should ignore certificate errors when connecting to Deep Security Smart Check. You may want to set this if you've configured a self signed cert.

  • smartcheckCredentialsId

    • The credentials to authenticate with the Deep Security Smart Check deployment. This must be a "Username with password" credential.

  • imageName

    • The name of the image to scan

  • imagePullAuth

    • A JSON object of credentials for authenticating with the registry to pull the image from. Example:

      smartcheckScan([
    imagePullAuth: new groovy.json.JsonBuilder([
        username: REGISTRY_USER,
        password: REGISTRY_PASSWORD,
    ]).toString(),
    //...
])

      See creating a scan in the Deep Security Smart Check API Reference for additional registry credentials options.

  • insecureSkipRegistryTLSVerify

    • If Deep Security Smart Check should ignore certificate errors from the image registry.

  • preregistryScan

    • Specify this option to trigger a "pre-registry scan", which pushes the image to a temporary registry on the scan system.

  • preregistryHost

    • The hostname of the temporary registry. Defaults to the smartcheckHost on port 5000.

  • preregistryCredentialsId

    • The credentials to authenticate with the temporary registry. This must be a "Username with password" credential.

  • resultsFile - default: scan-results.json

    • The path to write the scan results to

  • findingsThreshold

    • A JSON object that can be used to fail this step if an image contains findings that exceed the threshold.

      Example with default values:

      smartcheckScan([
    //...
    findingsThreshold: new groovy.json.JsonBuilder([
        malware: 0,
        vulnerabilities: [
            defcon1: 0,
            critical: 0,
            high: 0,
        ],
        contents: [
            defcon1: 0,
            critical: 0,
            high: 0,
        ],
        checklists: [
            defcon1: 0,
            critical: 0,
            high: 0,
        ],
    ]).toString(),
])

      Schema:

      interface FindingsThreshold {
  malware?: number;
  contents?: {
    defcon1?: number;
    critical?: number;
    high?: number;
    medium?: number;
    low?: number;
    negligible?: number;
    unknown?: number;
  };
  vulnerabilities?: {
    defcon1?: number;
    critical?: number;
    high?: number;
    medium?: number;
    low?: number;
    negligible?: number;
    unknown?: number;
  };
  checklists?: {
    defcon1?: number;
    critical?: number;
    high?: number;
    medium?: number;
    low?: number;
    negligible?: number;
    unknown?: number;
  };
}

Pre-registry scanning

Deep Security Smart Check can scan your images before they are pushed to your production registry. If you have enabled pre-registry scanning on your Deep Security Smart Check instance, you can add the preregistryScan and preregistryCredentialsId parameters to the smartcheckScan method:

smartcheckScan([
    imageName: "registry.example.com/my-project/my-image",
    smartcheckHost: "smartcheck.example.com",
    smartcheckCredentialsId: "smartcheck-auth",
    preregistryScan: true,
    preregistryCredentialsId: "preregistry-auth",
])

Development

See DEVELOPMENT.md for instructions on getting started.

Contributing

If you encounter a bug, think of a useful feature, or find something confusing in the docs, please create a new issue!

We ❤️ pull requests. If you'd like to fix a bug, contribute to a feature or just correct a typo, please feel free to do so.

If you're thinking of adding a new feature, consider opening an issue first to discuss it to ensure it aligns to the direction of the project (and potentially save yourself some time!).

Support

Official support from Trend Micro is not available. Individual contributors may be Trend Micro employees, but are not official support.

About

Jenkins plugin that requests image scans from Smart Check. This repository is archived, visit https://github.com/jenkinsci/deepsecurity-smartcheck-plugin for latest release.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

4 stars

Watchers

11 watching

Forks

3 forks
Report repository

Releases 3

1.1.1 Latest
May 14, 2019
+ 2 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages