Pipeline Project

With pipeline projects, you provide the container image ID(s) to the plugin via a command argument. Use the Snippet Generator to generate this command, and then copy/paste it into your pipeline script (Jenkinsfile).

Perform the following steps to define container image IDs in a Pipeline project:

  1. Use a specific tag to build a container image you wish to scan for vulnerabilities.
  2. Use that tag to get the ID of the container image and then store that image ID in an environment variable.
  3. Provide that environment variable to the Qualys Jenkins Plugin as input.

    Sample Pipeline script

    // These stages go inside the stages { } block of a declarative pipeline.
    stage("Build container image") {
       // Use a specific tag (qualys:sample in this case)
       steps {
          dir("dockerbuild") {
             sh "docker build -t qualys:sample . > docker_output"
          }
       }
    }
    stage("Get Image id") {
       // Use the same repository:tag combination (qualys:sample in this case) with the grep command
       // to get the same image ID and save the image ID in an environment variable
       steps {
          script {
             def IMAGE_ID = sh(script: "docker images | grep -E '^qualys.*sample' | head -1 | awk '{print \$3}'",
                               returnStdout: true).trim()
             env.IMAGE_ID = IMAGE_ID
          }
       }
    }
    stage("Get Image Vulns - Qualys Plugin") {
       // Pass the image ID to the plugin's step
       steps {
          getImageVulnsFromQualys useGlobalConfig: true, imageIds: env.IMAGE_ID
       }
    }
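
The grep in the "Get Image id" stage matches any line that starts with `qualys` and contains `sample`, so on a build host with several similar images it can hand the plugin the ID of an image other than the one just built. The following shell sketch is an added example, not part of the Qualys documentation: it runs the page's filter and an exact repository/tag match over a constructed `docker images` listing. The names `sample_listing`, `loose_image_id` and `exact_image_id` are hypothetical.

```shell
#!/bin/sh
# Constructed `docker images` listing (sample data, not from a real host).
sample_listing() {
cat <<'EOF'
REPOSITORY    TAG          IMAGE ID       CREATED        SIZE
qualys        sample-rc1   1111aaaa2222   2 hours ago    215MB
qualys        sample       3333bbbb4444   3 days ago     214MB
qualys-base   sample       5555cccc6666   5 days ago     210MB
EOF
}

# The page's filter: pattern over the whole line, first hit wins.
loose_image_id() {
  grep -E '^qualys.*sample' | head -1 | awk '{print $3}'
}

# Hypothetical stricter filter: compare the REPOSITORY and TAG columns exactly
# and fail unless exactly one well-formed image ID is found.
exact_image_id() {
  awk -v repo="$1" -v tag="$2" '
    $1 == repo && $2 == tag { ids[$3] = 1 }
    END {
      n = 0
      for (id in ids) { n++; found = id }
      if (n != 1) {
        printf("expected one image for %s:%s, found %d\n", repo, tag, n) > "/dev/stderr"
        exit 1
      }
      # Assumption: default truncated ID format, 12 lowercase hex characters.
      if (length(found) != 12 || found !~ /^[0-9a-f]+$/) {
        printf("unexpected image ID: %s\n", found) > "/dev/stderr"
        exit 1
      }
      print found
    }'
}
```

On this listing the page's filter returns the ID of `qualys:sample-rc1`, while the exact match returns the ID of `qualys:sample` and exits non-zero when the tag is missing, which stops the stage before the plugin scans the wrong image.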
    	  
    

Related Topic

Freestyle Project