Provide Configuration Details

Provide the following configuration details:

  1. The Qualys API Server URL. You can find the appropriate server URL from the API URLs section of https://www.qualys.com/platform-identification/
  2. Click Test Connection to verify that the plugin can call the Qualys Container Security API.

    configuration_settings

  3. Data collection frequency.
  4. Build failure conditions.

    data_collection

  5. We use container image IDs/image names to check for vulnerabilities. We internally use the corresponding image sha-256 of the image IDs/image names.

    If you are using containerd, the input is expected only in the image name format.

  6. Provide the Docker URL/Nerdctl binary path.runtime_settings

  7. Forward Jenkins job results to a WebHook URL.

    advanced_settingsWhen ready, click Generate Pipeline Script to get the script command.

If setting a global configuration, you can select a user from the Credential Store to authenticate to the API Server. In case of Job-specific configuration, you can provide the credentials in the pipeline/freestyle script.

Use global configuration for scanning images in CI/CD pipeline. See Scanning CI/CD images.

Irrespective of the image, the plugin always fetches the latest scan result for a given image ID. The API checks the time stamp of the image data in your account, and if the timestamp falls in the time range calculated using the 'last scanned' filter, then the API returns the image data to the plugin in the response.

Next Step

Use Qualys API Server URL

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.