Provide Configuration Details

Provide the following configuration details:

  1. The Qualys API Server URL. You can find the appropriate server URL in the API URLs section of Identify your Qualys platform.
    1. Click Add and then click Jenkins.

      The Add Credentials window is displayed.

    2. Select the authentication method from the Kind drop-down options.

      The Qualys application supports two authentication methods for connecting to your Qualys account: Basic Authentication (username and password) and OIDC Authentication (OAuth Client ID and Client Secret).

      You can choose either method based on your organization’s security policies and access setup.

      Configure Basic Authentication

      Use this method if your Qualys setup uses a standard username and password. Select Username with password from the Kind drop-down options.

      Provide the details in the following required fields:

      1. Username

        Enter the Qualys username used for API access.

      2. Password

        Enter the password for the above username.

      Configure OIDC Authentication

      Use this method if your Qualys setup authenticates with OIDC (an OAuth Client ID and Client Secret). Select OAuth Credentials from the Kind drop-down options.

      Provide the details in the following required fields:

      1. Client ID

        Enter the Client ID received from your Qualys OIDC configuration.

      2. Client Secret

        Click Change Password, remove the previous password, and enter the Client Secret key.

  2. Click Test Connection to verify that the plugin can call the Qualys Container Security API.
  3. Data collection frequency - Provide the Frequency (in seconds) for how often you want to check for data, and the Timeout (in seconds) for how long you want to wait for data before giving up.
  4. Build failure conditions - Set the conditions that fail the job. If even a single condition is not met, the container image build job fails.


  5. The plugin uses container image IDs or image names to check for vulnerabilities. Internally, each image ID or image name is resolved to the corresponding image SHA-256 digest, and that digest is what is looked up.

    If you are using containerd, the input is expected only in the image name format.

  6. Provide the Docker URL/Nerdctl binary path.

  7. Forward Jenkins job results to a WebHook URL.


  8. When ready, click Generate Pipeline Script to get the script command.

If you are setting a global configuration, you can select a user from the Credential Store to authenticate to the API Server. For a job-specific configuration, you can provide the credentials in the pipeline/freestyle script.

Use global configuration for scanning images in CI/CD pipeline. See Scan CI/CD images.

Regardless of which image is specified, the plugin always fetches the latest scan result for the given image ID. The API checks the timestamp of the image data in your account; if that timestamp falls in the time range calculated from the 'last scanned' filter, the API returns the image data to the plugin in the response.
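The following is an added example, not code from the Qualys plugin, that models the three behaviours described above so the gate logic can be reasoned about outside Jenkins: polling for scan data at a fixed frequency until a timeout (step 3), accepting only results whose scan timestamp falls inside the 'last scanned' window, and failing the build when any configured condition is not met (step 4). The scan-result field names, the shape of the failure conditions, and the sample vulnerability data are all constructed assumptions, not the real API schema or the plugin's UI fields.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

# Constructed sample scan result. Field names and values are assumptions for
# illustration only; the real Container Security API schema may differ.
SAMPLE_RESULT = {
    "imageId": "sha256:" + "0" * 64,  # placeholder digest
    "scanTimestamp": "2024-05-01T10:00:00Z",
    "vulnerabilities": [
        {"qid": 100001, "severity": 5, "cves": ["CVE-0000-0001"]},
        {"qid": 100002, "severity": 4, "cves": []},
        {"qid": 100003, "severity": 3, "cves": ["CVE-0000-0003"]},
    ],
}


@dataclass
class FailureConditions:
    """Assumed shape of the build-failure thresholds a job can configure."""
    max_by_severity: dict = field(default_factory=dict)  # severity -> max allowed count
    fail_on_qids: set = field(default_factory=set)       # any of these QIDs present -> fail
    fail_on_cves: set = field(default_factory=set)       # any of these CVEs present -> fail


def parse_ts(value: str) -> datetime:
    """Parse the UTC 'Z' timestamp format used in the constructed sample."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def within_last_scanned(result: dict, now: datetime, last_scanned_days: int) -> bool:
    """True if the image's scan timestamp lies inside the 'last scanned' window."""
    scanned = parse_ts(result["scanTimestamp"])
    return now - timedelta(days=last_scanned_days) <= scanned <= now


def evaluate_conditions(result: dict, conditions: FailureConditions) -> list:
    """Return the reasons the gate fails; an empty list means every condition is met."""
    reasons = []
    vulns = result.get("vulnerabilities", [])
    for severity, limit in sorted(conditions.max_by_severity.items(), reverse=True):
        count = sum(1 for v in vulns if v["severity"] == severity)
        if count > limit:
            reasons.append(f"severity {severity}: {count} found, max {limit}")
    hit_qids = sorted(conditions.fail_on_qids & {v["qid"] for v in vulns})
    if hit_qids:
        reasons.append(f"blocked QIDs present: {hit_qids}")
    hit_cves = sorted(conditions.fail_on_cves & {c for v in vulns for c in v.get("cves", [])})
    if hit_cves:
        reasons.append(f"blocked CVEs present: {hit_cves}")
    return reasons


def poll_for_result(fetch: Callable[[], Optional[dict]], frequency_s: int, timeout_s: int,
                    sleep: Callable[[int], None] = lambda s: None) -> Optional[dict]:
    """Call fetch() every frequency_s seconds until it returns data or timeout_s elapses.

    sleep is injectable so the example runs without real delays; pass time.sleep in practice.
    """
    elapsed = 0
    while elapsed <= timeout_s:
        data = fetch()
        if data is not None:
            return data
        sleep(frequency_s)
        elapsed += frequency_s
    return None


def gate_image(fetch, conditions: FailureConditions, frequency_s: int, timeout_s: int,
               last_scanned_days: int, now: datetime):
    """Full gate: wait for data, enforce the scan-age window, then apply the conditions."""
    result = poll_for_result(fetch, frequency_s, timeout_s)
    if result is None:
        return False, ["no scan data received within timeout"]
    if not within_last_scanned(result, now, last_scanned_days):
        return False, ["scan result is outside the 'last scanned' window"]
    reasons = evaluate_conditions(result, conditions)
    return (not reasons), reasons


if __name__ == "__main__":
    now = datetime(2024, 5, 2, tzinfo=timezone.utc)
    conds = FailureConditions(max_by_severity={5: 0, 4: 2}, fail_on_cves={"CVE-0000-0003"})
    passed, why = gate_image(lambda: SAMPLE_RESULT, conds, 30, 600, 7, now)
    print("PASS" if passed else "FAIL", why)
```

The gate treats a missing result after the timeout and a result older than the 'last scanned' window as failures rather than silently passing, which is the safe default for a CI gate: an image that could not be evaluated should not be promoted.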

Next Step

Use Qualys API Server URL