Define Container Image IDs
For defining container image IDs, you have to define:
Define Docker Images
For defining docker images, perform the following steps in the plugin configuration:
- Set image IDs/Image Names filed into the container image IDs or names you want to report on.
- The plugin only pulls a report for your specific image IDs/names.
- Enter a single string value like imageIds: 'a1b2c3d4e5f6' or a comma-separated list like imageIds: 'a1b2c3d4e5f6, abcdef123456'.
- Specify an image name in the format repo:tag.
If you provide image IDs/image names, the plugin fetches the corresponding image sha-256. The plugin tries to fetch the image sha using the docker socket path configured in the global configuration. If your docker host is running locally to build a tool/agent, the docker socket path is unix:///var/run/docker.sock; whereas if your docker host is running remotely, the docker socket path is the TCP URL to the remote docker host.
For details on docker images, refer to Scanning CI/CD images.
You can also provide image IDs through an environment variable.
-
Get the image IDs of the images programmatically created in earlier stages of the build and provide these IDs in the 'imageIds' argument.
For example, in the pipeline script, you can get the image IDs by executing the shell script and storing it in an environment variable.
-
Use the same environment variable in the 'ImageIds' argument to provide the image IDs.
Define Containerd Images
Containerd images can only be provided in the repo:tag format. Enter the image name in the format repo:tag or comma-separated image name as repo:tag,repo-1:tag-1.
If you provide an image repo and tag, the plugin fetches the corresponding image sha-256. It tries to fetch the image sha using the containerd socket path configured in the global configuration.
Containerd does not support image ID/SHA format input for tagging images. Hence, do not provide image ID or sha256 directly as input in the plugin.
You can provide container image IDs using the following methods: