Scan CI/CD Images

Configure the plugin's docker URL / socket path to automatically tag CI/CD images with 'qualys_scan_target:<image-id>'.

To configure the plugin's Docker URL / socket path fields, perform the following steps:

  1. Navigate to the 'Qualys Container Security' section at {Jenkins-Instance-url}/manage/configure > Qualys Container Security > Advanced Settings.
  2. Configure the Docker URL/Nerdctl binary path as per your runtime environment.

    For dockerd, the expected configuration is the Docker socket path, for example, unix://path_of_docker.sock or tcp://[host]:[port]. In case of TLS, the cert path should be provided in the field 'Cert file path'. For containerd, the expected configuration is the nerdctl binary path.

Containerd Pre-requisites

The Nerdctl binary path is required for the plugin to complete its activities. As such, it is advised to map the nerdctl binary path and the containerd.sock file path in the volumeMounts section of the Jenkins deployment.yaml.

Cert File Path (optional): If you are using a remote server with HTTPS enabled, you can provide a specific folder location that contains the files ca.pem, cert.pem and key.pem. For example, /var/jenkins_home/certs.

A Job Specific (local) configuration uses the Docker URL and Cert File Path configured in global configuration for tagging CI/CD images.

Docker URLs (unix socket or TCP) to be Used in Various Docker Deployment Scenarios

| Deployment scenario | Sensor location | Docker URL to be used |
|---|---|---|
| Job executed by Jenkins controller AND Docker host == Jenkins controller | Jenkins controller | UNIX: unix:///var/run/docker.sock |
| Job executed by Jenkins controller AND Docker Host == Remote docker host (any machine other than Jenkins controller or agent) | Remote docker host | TCP path of the Remote Docker host: tcp://<ip_of_RDH>:<port>. For example, tcp://10.xxx.xx.xx:2375 |
| Job executed by Jenkins agent AND Docker host == Jenkins agent | Jenkins agent | UNIX: unix:///var/run/docker.sock |
| Job executed by Jenkins agent AND Docker Host == Remote docker host (any machine other than Jenkins controller or agent) | Remote docker host | TCP path of the Remote Docker host: tcp://<ip_of_RDH>:<port>. For example, tcp://10.xxx.xx.xx:2375 |
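
A pre-flight check for the Docker URL and Cert file path values described above, written as an added example (it is not part of the Qualys plugin). The function name `check_docker_url` and the sample address are assumptions made for illustration; the script flags a tcp:// URL configured without a cert folder and a cert folder that lacks any of ca.pem, cert.pem or key.pem.

```python
import os
from urllib.parse import urlparse

CERT_FILES = ("ca.pem", "cert.pem", "key.pem")  # file names listed on this page


def check_docker_url(url, cert_dir=None):
    """Hypothetical helper: return a list of findings for one URL/cert pair."""
    parsed = urlparse(url)
    if parsed.scheme == "unix":
        sock = parsed.netloc + parsed.path
        if not sock:
            return ["unix URL has no socket path"]
        if not os.path.exists(sock):
            return [f"socket {sock} not found on this host"]
        return []
    if parsed.scheme != "tcp":
        return [f"unsupported scheme {parsed.scheme!r}; expected unix:// or tcp://"]

    findings = []
    try:
        port = parsed.port  # raises ValueError on a non-numeric port
    except ValueError:
        port = None
    if not parsed.hostname or port is None:
        findings.append("tcp URL must be tcp://[host]:[port]")
    if cert_dir is None:
        # Without a cert folder the plugin has no TLS material to present.
        findings.append("no Cert file path set: connection to the Docker daemon will not use TLS")
        return findings
    missing = [n for n in CERT_FILES if not os.path.isfile(os.path.join(cert_dir, n))]
    if missing:
        findings.append("cert folder is missing: " + ", ".join(missing))
    if port == 2375:
        # 2375 is Docker's conventional plaintext port; 2376 is the TLS one.
        findings.append("certs supplied but port 2375 is the conventional non-TLS port")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for url, certs in [("unix:///var/run/docker.sock", None),
                       ("tcp://10.0.0.5:2375", None),
                       ("tcp://10.0.0.5:2376", "/var/jenkins_home/certs")]:
        print(url, "->", check_docker_url(url, certs) or "ok")
```

Run it on the machine that executes the job (controller or agent), since the unix socket and cert folder checks read the local filesystem.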

Next Step

Use the Plugin