The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

GrypeScanner Plugin

step([$class: 'GrypeScannerStep']): Vulnerability scan with grype

A vulnerability scanner for container images and filesystems.

Usage in a pipeline:
pipeline {
    agent any
    options {
        skipStagesAfterUnstable()
    }
    stages {
        stage('Build') {
            steps {
                step([$class: 'GrypeScannerStep', scanDest: 'dir:/tmp', repName: 'myScanResult.txt'])
            }
        }
    }
}

  • scanDest

    Scan targets can be provided explicitly using one of the following schemes:

    • docker:yourrepo/yourimage:tag use images from the Docker daemon
    • docker-archive:path/to/yourimage.tar use a tarball from disk for archives created from "docker save"
    • oci-archive:path/to/yourimage.tar use a tarball from disk for OCI archives (from Skopeo or otherwise)
    • oci-dir:path/to/yourimage read directly from a path on disk for OCI layout directories (from Skopeo or otherwise)
    • dir:path/to/yourproject read directly from a path on disk (any directory)
    • registry:yourrepo/yourimage:tag pull image directly from a registry (no container runtime required)
    • Type: String
  • repName
    • Type: String
  • autoInstall
    If active, grype is downloaded and installed automatically in the job workspace by executing install.sh; otherwise the 'grype' executable needs to be available in the PATH.
    • Type: boolean
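
An added example (not part of the plugin's documentation): a Jenkinsfile that builds scanDest from a job parameter, accepting only the schemes listed above and a conservative character set for the target before calling the step. The parameter name IMAGE, the helper toScanDest, the allow-list regex and the report name are assumptions for illustration; autoInstall is false on the assumption that a vetted grype binary is already in the agent's PATH.

```groovy
// Added example, not the plugin's own code.
// Hypothetical helper: build a scanDest value from an untrusted job parameter.
String toScanDest(String scheme, String target) {
    // Schemes documented for the scanDest parameter.
    def schemes = ['docker', 'docker-archive', 'oci-archive', 'oci-dir', 'dir', 'registry']
    if (!(scheme in schemes)) {
        error "Unsupported scanDest scheme: ${scheme}"
    }
    // Assumed allow-list: characters used in image references and relative
    // paths only. Rejects whitespace, quotes, ';', '$', backticks and
    // anything that starts with '/', '.' or '-'.
    if (!(target ==~ /[A-Za-z0-9][A-Za-z0-9._\/:@-]{0,254}/)) {
        error "Rejected scan target: ${target}"
    }
    // For the filesystem-backed schemes, refuse '..' path segments so the
    // scan stays below the directory the job runs in.
    boolean isPath = !(scheme in ['docker', 'registry'])
    if (isPath && target.tokenize('/').contains('..')) {
        error "Path traversal in scan target: ${target}"
    }
    return "${scheme}:${target}".toString()
}

pipeline {
    agent any
    parameters {
        // Placeholder default taken from the scheme list above.
        string(name: 'IMAGE', defaultValue: 'yourrepo/yourimage:tag',
               description: 'Image reference to scan')
    }
    options {
        skipStagesAfterUnstable()
    }
    stages {
        stage('Scan') {
            steps {
                script {
                    // Validate first, then hand the value to the plugin step.
                    def dest = toScanDest('registry', params.IMAGE)
                    step([$class: 'GrypeScannerStep', scanDest: dest,
                          repName: 'grypeReport.txt', autoInstall: false])
                }
            }
        }
    }
}
```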
