Scan CI/CD Images
Configure the plugin's docker URL / socket path to automatically tag CI/CD images with 'qualys_scan_target:<image-id>'.
To configure the plugin's docker URL / socket path fields, perform the following steps:
- Navigate to the 'Qualys Container Security' section at {Jenkins-Instance-url}/manage/configure > Qualys Container Security > Advanced Settings.
- Configure the Docker URL/Nerdctl binary path as per your runtime environment.
For dockerd, the expected configuration is the docker socket path, for example, unix://path_of_docker.sock or tcp://[host]:[port]. In case of TLS, the cert path should be provided in the field 'Cert file path'.
For containerd, the expected configuration is the nerdctl binary path.
Containerd Pre-requisites
The Nerdctl binary path is required for the plugin to complete its activities. As such, it is advised to map the nerdctl binary path and the containerd.sock file path in the volumeMounts section of the Jenkins deployment.yaml.
Cert File Path (optional): If you are using a remote server with HTTPS enabled, you can provide a specific folder location which contains the files ca.pem, cert.pem and key.pem. For example, /var/jenkins_home/certs.
A Job Specific (local) configuration uses the Docker URL and Cert File Path configured in global configuration for tagging CI/CD images.
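The following pre-flight check is an added example, not part of the Qualys plugin or its documentation. It validates a Docker URL and Cert file path pair in the forms described above before they are entered in Jenkins; the function name check_docker_url and the sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Qualys code. check_docker_url is a hypothetical helper.
# Usage: check_docker_url URL [CERT_DIR]
# Prints one verdict line; returns 0 if the values are usable, 1 otherwise.
check_docker_url() {
    url=$1
    cert_dir=${2:-}
    case $url in
        unix://?*)
            sock=${url#unix://}
            if [ -S "$sock" ]; then
                echo "ok: unix socket $sock"; return 0
            fi
            echo "fail: $sock is not a socket"; return 1 ;;
        tcp://?*:?*)
            port=${url##*:}
            case $port in
                *[!0-9]*) echo "fail: port '$port' is not numeric"; return 1 ;;
            esac
            if [ -z "$cert_dir" ]; then
                echo "warn: tcp URL with no Cert file path, no TLS files set"
                return 0
            fi
            # The page names these three files for the Cert file path folder.
            for f in ca.pem cert.pem key.pem; do
                if [ ! -r "$cert_dir/$f" ]; then
                    echo "fail: $cert_dir/$f is missing or unreadable"; return 1
                fi
            done
            echo "ok: tcp URL with TLS files in $cert_dir"; return 0 ;;
        *)
            echo "fail: expected unix://<path> or tcp://<host>:<port>"; return 1 ;;
    esac
}

# Constructed sample values; substitute the ones from your Jenkins settings.
check_docker_url "tcp://10.0.0.5:2376" "/var/jenkins_home/certs" || true
```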
Docker URLs (unix socket or TCP) to be Used in Various Docker Deployment Scenarios
Deployment scenario | Sensor location | Docker URL to be used |
---|---|---|
Job executed by Jenkins controller AND Docker host == Jenkins controller | Jenkins controller | UNIX unix:///var/run/docker.sock |
Job executed by Jenkins controller AND Docker Host == Remote docker host (any machine other than Jenkins controller or agent) | Remote docker host | TCP path of the Remote Docker host: tcp://<ip_of_RDH>:<port> For example, tcp://10.xxx.xx.xx:2375 |
Job executed by Jenkins agent AND Docker host == Jenkins agent | Jenkins agent | UNIX unix:///var/run/docker.sock |
Job executed by Jenkins agent AND Docker Host == Remote docker host (any machine other than Jenkins controller or agent) | Remote docker host | TCP path of the Remote Docker host: tcp://<ip_of_RDH>:<port> For example, tcp://10.xxx.xx.xx:2375 |