Upgrade Plugin
This section provides guidance on upgrading the CS Jenkins Plugin to its respective versions.
Version 1.7x
If you are using a pipeline job in your Jenkins, you must reconfigure the pipeline snippet for the 'Qualys Container Scanning Connector' plugin task in your pipeline. Failure to do so results in the plugin breaking after the upgrade. This is a one-time activity post-upgrade for existing pipelines to run smoothly.
This change does not affect the 'Freestyle' jobs in Jenkins.
Prerequisites
If you are upgrading the plugin to v1.7.x the following prerquisites must be met:
- Ensure that the Jenkins version is 2.387.1 or higher.
- Container Security (CS) sensor is of latest model.
Pipeline Snippet Configuration
With version 1.7.x, the Qualys CS Plugin accepts platform information with a text field replacing the previous dropdown selection. The text field accepts the Qualys-supported platform URLs. To learn more about Qualys supportyed platform refer to Identify your Qualys platform.
This change in the input field also changes the field key generated in the pipeline snippet.
Refer to the following samples:
Sample pipeline snippet before 1.7.x
"getImageVulnsFromQualys credentialsId":"Qualys-Credentials",
"imageIds":"java:latest",
"isExcludeConditions":true,
"excludeBy":"qid",
"excludeList":"qualysExclusionList",
"isSev4Vulns":true,
"isSev5Vulns":true,
"platform":"US_PLATFORM_3",
"pollingInterval":"30",
"proxyCredentialsId":"",
"proxyPort":3128,
"proxyServer":"proxyserver.com",
"useLocalConfig":true,
"useProxy":true,
"vulnsTimeout":"1200"
Sample pipeline snippet after latest version for Job Specific Configuration with Job specific 'Docker URL/Nerdctl binary path'
"getImageVulnsFromQualys apiServer":"https://qualysapi.qg2.apps.qualys.com",
"credentialsId":"68e2a407-ed05-411b-b2da-423106f1201b",
"dockerUrl":"/var/containerd_ctl",
"imageIds":"java:latest",
"isSev1Vulns":true,
"isSev2Vulns":true,
"isSev3Vulns":true,
"isSev4Vulns":true,
"isSev5Vulns":true,
"pollingInterval":"30",
"useLocalConfig":true,
"vulnsTimeout":"600"
Sample pipeline snippet after latest version for Global Configuration with Job specific 'Docker URL/Nerdctl binary path'
"getImageVulnsFromQualys dockerUrl":"/var/containerd_ctl",
"imageIds":"java:latest",
"useGlobalConfig":true
Version 1.6.2.1
When an older pipeline snippet for the Qualys CS plugin runs with v1.7.x, the plugin breaks as the expected field key for the Qualys platform is missing. Ensure you reconfigure the pipeline snippet to avoid this scenario.
Prerequisites
If you are upgrading the plugin to v1.6.2.1 the following prerquisites must be met:
- Ensure that the Jenkins version is 2.204.1 or higher.
- Container Security (CS) version is 1.8.0.0 or higher.
When an older pipeline snippet for the Qualys CS plugin runs with v1.7.x, the plugin breaks as the expected field key for the Qualys platform is missing. Ensure you reconfigure the pipeline snippet to avoid this scenario.