Anchore + Jenkins
Anchore has been designed to plug seamlessly into your container-based CI/CD pipeline to add analytics, compliance and governance to your workflow.
Using Anchore’s freely available and open source Jenkins plugin, you can secure your Jenkins CI/CD pipeline in less than 30 minutes.
Anchore adds image scanning that covers not just CVE-based security scans but also policy-based scans, which can include checks around security, compliance and operational best practices. With these in place, you can ensure only trusted, vetted container images make it into production.
1. Add Jenkins to Your Environment
Anchore has published a plugin for Jenkins which, along with Anchore’s open source engine or Enterprise offering, allows container analysis and governance to be added quickly into the CI/CD process.
The following guide will allow you to add image scanning and analysis into your CI/CD process in less time than it has already taken to read this blog post!
This guide presumes the following prerequisites have been met:
– Jenkins 2.x running on a virtual machine or physical server
– Each Jenkins node should have Docker 1.10 or higher installed.
– Anchore’s Jenkins plugin can work with single node installations or installations with multiple worker nodes.
– Docker should be configured to allow the jenkins user to run Docker commands either directly or through the use of sudo.
– For most platforms you can simply add the jenkins user to the docker group in /etc/group.
– For Red Hat based systems using Red Hat’s Docker distribution rather than Docker Inc.’s, the use of sudo is typically required.
– To use sudo, ensure that the jenkins user is part of the wheel group in /etc/group and that requiretty is not set in /etc/sudoers.
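
As an added example (not part of the original post or of Anchore's plugin), the shell functions below check the prerequisites listed above on a Jenkins node: Docker 1.10 or higher, and a jenkins user that can reach Docker through either the docker group or sudo. The function names and the sample data in demo() are constructed for illustration, and only /etc/sudoers itself is inspected.

```sh
#!/bin/sh
# Added example: preflight check for the Jenkins node prerequisites listed above.
# Function names and the sample data in demo() are constructed for illustration.

# Succeeds if USER is listed as a member of GROUP in a group(5)-format file.
user_in_group() {   # user group [groupfile]
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "${3:-/etc/group}"
}

# Succeeds if an active Defaults line enables requiretty ("!requiretty" negates it).
# Only the named file is read; drop-ins under /etc/sudoers.d are not followed.
requiretty_set() {   # [sudoersfile]
    grep -Eq '^[[:space:]]*Defaults[^#]*[^!]requiretty' "${1:-/etc/sudoers}"
}

# Succeeds if a Docker version string is 1.10 or higher. Components are compared
# as numbers, so 1.9 counts as older than 1.10 (a string comparison gets this wrong).
docker_version_ok() {   # version, e.g. 1.13.1
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case "$major.$minor" in .*|*.|*[!0-9.]*) return 2 ;; esac
    [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 10 ]; }
}

# Verdict for one node: Docker is new enough, and the user reaches Docker either
# through the docker group or through sudo (wheel member, requiretty not set).
preflight() {   # user docker_version [groupfile] [sudoersfile]
    docker_version_ok "$2" || { echo "FAIL: Docker '$2' is not 1.10 or higher"; return 1; }
    if user_in_group "$1" docker "$3"; then echo "OK: $1 is in the docker group"; return 0; fi
    user_in_group "$1" wheel "$3" || { echo "FAIL: $1 is in neither docker nor wheel"; return 1; }
    if requiretty_set "$4"; then echo "FAIL: requiretty is set in sudoers"; return 1; fi
    echo "OK: $1 can use sudo (wheel member, requiretty not set)"
}

# Constructed sample data (not from a real host): jenkins is only in wheel and
# requiretty is enabled, so the check fails on the sudo route.
demo() {
    demo_dir=$(mktemp -d)
    printf 'wheel:x:10:admin,jenkins\ndocker:x:993:admin\n' > "$demo_dir/group"
    printf 'Defaults    requiretty\n' > "$demo_dir/sudoers"
    preflight jenkins 1.13.1 "$demo_dir/group" "$demo_dir/sudoers"; rc=$?
    rm -rf "$demo_dir"; return "$rc"
}

# On a real node, as root (reads /etc/group and /etc/sudoers):
#   preflight jenkins "$(docker version --format '{{.Server.Version}}')"
```

Either route gives the jenkins user root-level control of the node (docker group membership is root-equivalent), so job configuration on these nodes should be treated as privileged.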