Use the Plugin

Qualys recommends setting up the Jenkins Plugin after the container image is built and before it is pushed to the registry.

Ensure you do not delete the image before the plugin is set up.

While setting up the plugin, you can provide a global or job-specific configuration. The global configuration can be set once and used for multiple projects, both Pipeline and Freestyle.

Perform the following steps to set a global configuration:

  1. Go to Manage Jenkins > Configure System.
  2. Scroll down to the Qualys Container Security section and provide the configuration details listed as follows: 

Perform the following steps to set a job-specific configuration:

  1. From the Pipeline Syntax > Snippet Generator page, select 'getImageVulnsFromQualys: Scan container images with Qualys CS'.
  2. Select the 'Use Job-Specific Configuration' option.
  3. Alternatively, select the 'Use Global(Jenkins) Configuration' option to let the job use the global configuration you set under Manage Jenkins > Configure System > Qualys Container Security.

For more details, refer to Configuration Details.
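The following declarative Jenkinsfile is an added example, not taken from the Qualys documentation. It shows the recommended ordering: build the image, scan it with the global configuration, and push only afterwards, removing the local image last. The registry host, image name, and credential ID are placeholders. The `useGlobalConfig` and `imageIds` parameter names are assumptions; confirm them against the output of the Snippet Generator for your plugin version.

```groovy
// Added example: build -> scan -> push. Placeholders are marked in comments.
pipeline {
    agent any
    environment {
        REGISTRY   = 'registry.example.com'          // placeholder registry host
        IMAGE_NAME = 'registry.example.com/team/app' // placeholder repository
        IMAGE_TAG  = "${env.BUILD_NUMBER}"
    }
    stages {
        stage('Build image') {
            steps {
                sh 'docker build -t "$IMAGE_NAME:$IMAGE_TAG" .'
                script {
                    // Record the local image ID so the scan targets exactly what was built.
                    env.IMAGE_ID = sh(
                        script: 'docker images -q "$IMAGE_NAME:$IMAGE_TAG"',
                        returnStdout: true
                    ).trim()
                    if (!env.IMAGE_ID) {
                        error 'Image ID not found; the image must still exist when the scan runs.'
                    }
                }
            }
        }
        stage('Qualys CS scan') {
            steps {
                // Assumed parameter names; uses the configuration set under
                // Manage Jenkins > Configure System > Qualys Container Security.
                getImageVulnsFromQualys useGlobalConfig: true, imageIds: env.IMAGE_ID
            }
        }
        stage('Push image') {
            // Reached only if every earlier stage, including the scan step, succeeded.
            steps {
                withCredentials([usernamePassword(credentialsId: 'registry-creds', // placeholder ID
                        usernameVariable: 'REG_USER', passwordVariable: 'REG_PASS')]) {
                    sh 'echo "$REG_PASS" | docker login -u "$REG_USER" --password-stdin "$REGISTRY"'
                    sh 'docker push "$IMAGE_NAME:$IMAGE_TAG"'
                }
            }
        }
    }
    post {
        // Clean up only after the scan and push stages are done, never before the scan.
        always { sh 'docker rmi "$IMAGE_NAME:$IMAGE_TAG" || true' }
    }
}
```

The `withCredentials` step assumes the Credentials Binding plugin is installed, and the agent is assumed to have the Docker CLI available.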

This plugin provides a build step and a post-build action. It can be used for pipeline-type projects (CI/CD pipeline) and freestyle projects. We describe both in the sections that follow.

Pipeline Project

Freestyle Project

Next Step

Define container image IDs