preloder

Anchore + Jenkins

Anchore has been designed to plug seamlessly into your container based CI/CD pipeline to add analytics, compliance and governance to your workflow.

Overview

Using Anchore’s freely available and open source Jenkins plugin you can secure your Jenkins CI/CD pipeline in less than 30 minutes. 

By adding image scanning, including not just CVE based security scans but policy based scans that can include checks around security, compliance and operational best practices, you can ensure only trusted vetted container images make it into production with Anchore.

Getting Started with the Integration

How to integrate Anchore and Jenkins

1. Add Jenkins to Your Environment

Anchore has published a plugin for Jenkins which, along with Anchore’s open source engine or Enterprise offering, allows container analysis and governance to be added quickly into the CI/CD process.

The following guide will allow you to add image scanning and analysis into your CI/CD process in less time than it has already taken to read this blog post!

Requirements:

This guide presumes the following prerequisites have been met:

– Jenkins 2.x running on a virtual machine or physical server
– Each Jenkins node should have Docker 1.10 or higher installed.
– Anchore’s Jenkins plugin can work with single node installations or installations with multiple worker nodes.

Notes:

– Docker should be configured to allow the jenkins user to run Docker commands either directly or through the use of sudo.
– For most platforms you can simply add the jenkins user to the docker group in /etc/group.
– For Red Hat based systems using Red Hat’s Docker distribution rather than Docker Inc. then typically the use of sudo is required.
– To use sudo ensure that the jenkins user is part of the wheel group in /etc/group and ensure that requiretty is not set in /etc/sudoers.

2. Add a Build Step to Analyze the Image

Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi.

3. View the Results of the Build

Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi.

Read the Documentation

Read the documentation on Anchore integration with Jenkins and get started with the integration.