Enter Configuration Details

Provide the following configuration details: 

1. API login information (Select Use Proxy to provide proxy information).

   Due to Azure DevOps limitations password string is visible on UI. To avoid disclosing password, use pipeline variable. 

2. container image ID / image name that you want to scan. Internally, image ID/image name is replaced with sha value of the image.

3. data collection frequency. 

4.  build failure conditions.

5.  specify the docker daemon URL in the Advance Settings section for plugin to connect to the docker daemon and tag the images specified in the input.

6.  specify the variable in the Output Variable section. The Output variable contains the evaluation result of the image vulnerabilities data against the build failure conditions.

This is an optional setting and CS extension does not control the formatting of the JSON file. Hence, to have output in the proper JSON format, use any JSON specific utility. For example, in case of NodeJS script runner, you can add this line, 'console.log (JSON.stringify($(qcs.imageScanSummary)))' in the code along with the Output Variable from Qualys task as input to print the file in the proper JSON format. ('qcs.imageScanSummary' is the output variable created in qualys task with 'qcs' provided as reference name by user)  When you’re ready, click Save Configuration.

Related Topic

Qualys API Server URL