Freestyle Project
You must provide the container image IDs or image names on the plugin configuration page. When Jenkins executes the post-build steps, the plugin pulls a report only for the image IDs or names you have specified. You can also provide image IDs through an environment variable.
- In Post-Build Actions, perform the following steps:
- Select 'Scan container images with Qualys CS'. This opens a form similar to the one shown for pipeline projects.
- Provide configuration details and test the connection to ensure success. See How to configure?
- Set the IMAGE_ID environment variable to the container image IDs you want to report on. IMAGE_ID can be a single string value like 'a1b2c3d4e5f6' or a comma-separated list like 'a1b2c3d4e5f6,abcdef123456'.
The variable name must be defined correctly or the plugin does not work.
What are the steps?
- Use a specific tag to build a container image you wish to scan for vulnerabilities.
- Add a build step called 'Execute shell' and write a shell script in it that uses that tag to get the ID of the container image and then stores the image ID in a file in the format: IMAGE_ID=<image_id>.
- Add the 'Inject environment variables' step and provide the name of the file in which you stored the image ID.
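The following script for the 'Execute shell' step is an added example, not taken from the plugin documentation. It assumes the docker CLI is available on the build agent; the file name image_id.properties and the function names are hypothetical.

```shell
#!/bin/sh
# Resolve image tags to image IDs and write them as IMAGE_ID=<id>[,<id>...]
# for the 'Inject environment variables' step to read.

# Print the short image ID for one tag; fail if the tag has no local image
# or the output is not a single hex ID.
resolve_image_id() {
    tag=$1
    id=$(docker images -q "$tag" | sort -u)
    case $id in
        '')          echo "no local image for tag: $tag" >&2; return 1 ;;
        *[!0-9a-f]*) echo "unexpected ID for $tag: $id" >&2; return 1 ;;
    esac
    printf '%s\n' "$id"
}

# Usage: write_image_id_file <properties-file> <tag> [<tag>...]
write_image_id_file() {
    out=$1; shift
    # Remove any file left by an earlier build, so a failed lookup cannot
    # leave the plugin reporting on a previous build's image.
    rm -f "$out" "$out.tmp"
    ids=
    for t in "$@"; do
        one=$(resolve_image_id "$t") || return 1
        ids=${ids:+$ids,}$one
    done
    [ -n "$ids" ] || { echo "no image tags given" >&2; return 1; }
    # The variable name must be exactly IMAGE_ID.
    printf 'IMAGE_ID=%s\n' "$ids" > "$out.tmp" && mv "$out.tmp" "$out"
}

# When run with arguments, treat them as the tags built in this job.
if [ $# -gt 0 ]; then
    write_image_id_file image_id.properties "$@"
fi
```

In the 'Inject environment variables' step, set the properties file path to the same file name the script writes.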