forked from opensearch-project/opensearch-build
docker-scan.jenkinsfile
// Load the shared pipeline library from the opensearch-build-libraries Git repository.
// Steps used below that are not defined in this file (scanDockerImage, postCleanup)
// presumably come from this library; confirm against the library source.
// NOTE(review): the identifier on this page reads '[email protected]', which looks like an
// e-mail-obfuscation artifact of the hosting page rather than a real `name@version`
// string. Confirm the actual value against the repository copy of this file.
// NOTE(review): library code runs with this pipeline's privileges, so the version part
// of the identifier should be a fixed tag or commit rather than a moving branch.
lib = library(identifier: '[email protected]', retriever: modernSCM([
$class: 'GitSCMSource',
remote: 'https://github.com/opensearch-project/opensearch-build-libraries.git',
]))
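// Parameterised job: scans one container image (IMAGE_FULL_NAME) with Trivy and
// archives the resulting report files.
//
// Security context: the scan stage runs in a container started as root with the host's
// /var/run/docker.sock mounted, so anything executed in that container can control the
// host Docker daemon. IMAGE_FULL_NAME is typed in by whoever starts the build and is
// handed to scanDockerImage, which is not defined in this file. The value is therefore
// checked against a conservative image-reference character set before it is used.
pipeline {
    options {
        // No unit is given, so the Jenkins default (minutes) applies.
        timeout(time: 30)
    }
    agent none
    parameters {
        string(
            name: 'IMAGE_FULL_NAME',
            description: "Example : 'opensearchstaging/opensearch:2.0.0', 'public.ecr.aws/opensearchstaging/opensearch:2.0.0', 'alpine:3', 'ubuntu:20.04'",
            trim: true
        )
    }
    stages {
        stage("Image Scan (Trivy)") {
            agent {
                docker {
                    label 'Jenkins-Agent-AL2-X64-C54xlarge-Docker-Host'
                    // NOTE(review): the runner image is referenced by tag and re-pulled on
                    // every run (alwaysPull), so the job executes whatever that tag
                    // currently points to. Consider pinning by digest.
                    image 'opensearchstaging/ci-runner:ubuntu2004-x64-docker-buildx0.9.1-qemu5.0-awscli1.22-jdk11-v1'
                    // Root user plus the host Docker socket: see the security context above.
                    args '-u root -v /var/run/docker.sock:/var/run/docker.sock'
                    registryUrl 'https://public.ecr.aws/'
                    alwaysPull true
                }
            }
            stages {
                stage('Parameters Check') {
                    steps {
                        script {
                            if (IMAGE_FULL_NAME.isEmpty()) {
                                currentBuild.result = 'ABORTED'
                                error('Make sure all the parameters are passed in.')
                            }
                            // Accept only characters that occur in image references
                            // (registry host[:port], repository path, :tag, @digest).
                            // The first character must be alphanumeric, so a value can
                            // never start with '-' and be read as a command-line option,
                            // and whitespace, quotes and shell metacharacters are rejected.
                            // `==~` requires the whole string to match.
                            def imageRefPattern = '[A-Za-z0-9][A-Za-z0-9._/:@-]*'
                            if (!(IMAGE_FULL_NAME ==~ imageRefPattern)) {
                                currentBuild.result = 'ABORTED'
                                // The rejected value is deliberately not echoed back.
                                error('IMAGE_FULL_NAME contains characters that are not valid in an image reference.')
                            }
                            // Set only after validation, so the build description never
                            // carries unchecked user input.
                            currentBuild.description = "Scanning: ${IMAGE_FULL_NAME}"
                        }
                    }
                }
                stage('Scan Images') {
                    steps {
                        script {
                            // scanDockerImage is not defined in this file; the archive
                            // pattern in post{} expects files named scan_docker_image.*
                            scanDockerImage(
                                imageFullName: "${IMAGE_FULL_NAME}",
                                imageResultFile: "scan_docker_image"
                            )
                        }
                    }
                }
            }
            post() {
                always {
                    archiveArtifacts artifacts: 'scan_docker_image.*'
                    script {
                        // Workspace cleanup, then drop Trivy's local cache on the agent.
                        postCleanup()
                        sh("trivy image --clear-cache")
                    }
                }
            }
        }
    }
}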