Define Container Image IDs
The plugin configuration has a field called Image ID/Image Name. Set it to the single container image ID or name you want to report on. The plugin pulls a report only for the image ID or name you specify.
Enter a single string value like imageId: 'a1b2c3d4e5f6'.
We also support the SHA value of the image as input for the image ID. Specify an image name in the format repo:tag.
If you provide an image name, the plugin fetches the corresponding SHA-256. The plugin tries to fetch the image SHA using the Docker socket path set in the configuration. If your Docker host runs locally to the build tool/agent, the Docker socket path is unix:///var/run/docker.sock; if your Docker host runs remotely, the Docker socket path is the TCP URL of the remote Docker host. For more details on images, refer to Scanning CI/CD images.
Alternatively, you can provide the image ID through an environment variable. Get the image ID of the container image using the program created in earlier stages of the build and provide that ID in the 'imageId' argument. For example, in a pipeline script, you can get the image ID by executing a shell script and storing it in an environment variable, and then use that environment variable in the 'imageId' argument to provide the image ID.
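One way to do this in a pipeline shell step, as an added example that is not part of the plugin or its documentation: the script checks that a value is exactly one image ID or repo:tag name, then resolves a name to its image ID. The function names are hypothetical, and the name lookup assumes the docker CLI is available on the build agent.

```shell
#!/bin/sh
# Added example: turn what an earlier build stage produced into the single
# value the plugin's image ID field expects. Function names are hypothetical.

# Print "id" for a 12-character short ID or a full 64-character SHA-256
# (with or without the sha256: prefix), "name" for repo:tag, else "invalid".
classify_image_ref() {
  case "$1" in
    # Empty, or contains whitespace, commas, quotes, shell metacharacters...
    '' | *[!A-Za-z0-9_./:-]*) echo invalid; return 0 ;;
  esac
  if printf '%s\n' "$1" | grep -Eq '^(sha256:)?([0-9a-f]{12}|[0-9a-f]{64})$'; then
    echo id
  elif printf '%s\n' "$1" | grep -Eq '^sha256:'; then
    echo invalid   # digest prefix with a malformed hash
  elif printf '%s\n' "$1" | grep -Eq '^[a-z0-9][a-z0-9_./:-]*:[A-Za-z0-9_][A-Za-z0-9_.-]*$'; then
    echo name
  else
    echo invalid   # for example a repository name without a tag
  fi
}

# Print the image ID for one value. A repo:tag name is looked up through the
# Docker daemon selected by DOCKER_HOST: unix:///var/run/docker.sock for a
# local daemon, or the TCP URL of a remote Docker host.
resolve_image_id() {
  case "$(classify_image_ref "$1")" in
    id)   printf '%s\n' "$1" ;;
    name) docker image inspect --format '{{.Id}}' "$1" ;;
    *)    echo "expected one image ID or repo:tag, got: '$1'" >&2; return 1 ;;
  esac
}

# Run with one argument to print the ID, so the pipeline can capture the
# output into the environment variable it passes as 'imageId'.
if [ "$#" -gt 0 ]; then
  resolve_image_id "$1"
fi
```

Resolving the tag to an ID right after the build means the report covers the image that was just built, even if the tag is later moved to a different image.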
Next Step