How to scan a Docker image using Trivy by integrating it into a Jenkins CI/CD pipeline
Pre-requisites:
- Install Trivy scanner
- Jenkins up and running
- Docker installed in Jenkins instance
- Docker integrated with Jenkins (covered in a separate post)
- Docker and Docker pipelines plug-in are installed
- Install AWS CLI
- Repository created in ECR (covered in a separate post)
- Create an IAM role with
Jenkins pipeline for scanning a Docker image using the Trivy scanner:
```groovy
pipeline {
    agent any
    environment {
        // ECR repository the image is tagged for and pushed to
        registry = "acct_id.dkr.ecr.us-east-1.amazonaws.com/coachak/my-docker-repo"
    }
    stages {
        stage('Cloning Git') {
            steps {
                checkout([$class: 'GitSCM', branches: [[name: '*/master']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: '', url: 'https://github.com/akannan1087/myPythonDockerRepo']]])
            }
        }
        // Building Docker images
        stage('Building image') {
            steps {
                script {
                    dockerImage = docker.build registry
                    dockerImage.tag("$BUILD_NUMBER")
                }
            }
        }
        // Scanning Docker images using Trivy scanner
        stage('Trivy Security scan') {
            steps {
                script {
                    // Trivy exits 0 by default even when it finds vulnerabilities,
                    // so this stage reports findings but does not block the push
                    sh "trivy image acct_id.dkr.ecr.us-east-1.amazonaws.com/coachak/my-docker-repo:$BUILD_NUMBER"
                }
            }
        }
        // Uploading Docker images into AWS ECR
        stage('Pushing to ECR') {
            steps {
                script {
                    // Single quotes: $BUILD_NUMBER is expanded by the shell from the Jenkins environment
                    sh 'aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin acct_id.dkr.ecr.us-east-1.amazonaws.com'
                    sh 'docker push acct_id.dkr.ecr.us-east-1.amazonaws.com/coachak/my-docker-repo:$BUILD_NUMBER'
                }
            }
        }
    }
}
```
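The scan stage above only prints Trivy's findings; Trivy can gate the build itself with `--exit-code 1 --severity HIGH,CRITICAL`. The script below is an added example, not part of the original post, showing the equivalent gate applied to a saved JSON report (`trivy image --format json -o report.json ...`), so the pipeline can also log counts per severity and optionally ignore findings that have no fixed version yet. The embedded report is a constructed sample with placeholder vulnerability IDs.

```python
import json
from collections import Counter

# Constructed sample of Trivy's JSON report (trivy image --format json),
# trimmed to the fields the gate needs. The IDs are placeholders, not real CVEs.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "acct_id.dkr.ecr.us-east-1.amazonaws.com/coachak/my-docker-repo:42",
    "Results": [
        {"Target": "my-docker-repo:42 (debian 12)",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
              "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample",
              "InstalledVersion": "1.0-1", "FixedVersion": "", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "othertool",
              "InstalledVersion": "2.3", "FixedVersion": "2.4", "Severity": "LOW"}]},
        {"Target": "app/requirements.txt", "Vulnerabilities": None},
    ],
})

def severity_counts(report_json, ignore_unfixed=False):
    """Count findings per severity across all Results in a Trivy JSON report."""
    counts = Counter()
    for result in json.loads(report_json).get("Results", []):
        # Trivy emits null (not an empty list) for targets with no findings
        for vuln in result.get("Vulnerabilities") or []:
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue
            counts[vuln.get("Severity", "UNKNOWN")] += 1
    return counts

def should_fail_build(report_json, blocking=("CRITICAL", "HIGH"), ignore_unfixed=False):
    """Return (fail, counts); fail is True when any blocking severity is present."""
    counts = severity_counts(report_json, ignore_unfixed)
    fail = any(counts[sev] > 0 for sev in blocking)
    return fail, counts

if __name__ == "__main__":
    # In the pipeline: read report.json instead of SAMPLE_REPORT and let the
    # non-zero exit status fail the 'Trivy Security scan' stage
    fail, counts = should_fail_build(SAMPLE_REPORT)
    print("findings by severity:", dict(counts))
    raise SystemExit(1 if fail else 0)
```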