Upgrade the Plugin
Use the following steps to upgrade the CS Jenkins Plugin to respective versions.
Version 1.7x
If you are upgrading the plugin to v1.7.x, ensure that the Jenkins version is 2.387.1 or greater and that the Container Security (CS) sensor is the latest.
If you are using a pipeline job in your Jenkins, you must reconfigure the pipeline snippet for the 'Qualys Container Scanning Connector' plugin task in your pipeline. Failure to do so results in the plugin breaking after the upgrade. This is a one-time activity post-upgrade for existing pipelines to run smoothly.
This change does not affect the 'Freestyle' jobs in Jenkins.
Pipeline Snippet Configuration
With version 1.7.x, the Qualys CS Plugin accepts platform information with a text field replacing the previous dropdown selection. The text field accepts the Qualys-supported platform URLs as listed here.
This change in the input field also changes the field key generated in the pipeline snippet.
Refer to the following samples:
Sample pipeline snippet before 1.7.x
"getImageVulnsFromQualys credentialsId":"Qualys-Credentials",
"imageIds":"java:latest",
"isExcludeConditions":true,
"excludeBy":"qid",
"excludeList":"qualysExclusionList",
"isSev4Vulns":true,
"isSev5Vulns":true,
"platform":"US_PLATFORM_3",
"pollingInterval":"30",
"proxyCredentialsId":"",
"proxyPort":3128,
"proxyServer":"proxyserver.com",
"useLocalConfig":true,
"useProxy":true,
"vulnsTimeout":"1200"
Sample pipeline snippet after latest version for Job Specific Configuration with Job specific 'Docker URL/Nerdctl binary path'
"getImageVulnsFromQualys apiServer":"https://qualysapi.qg2.apps.qualys.com",
"credentialsId":"68e2a407-ed05-411b-b2da-423106f1201b",
"dockerUrl":"/var/containerd_ctl",
"imageIds":"java:latest",
"isSev1Vulns":true,
"isSev2Vulns":true,
"isSev3Vulns":true,
"isSev4Vulns":true,
"isSev5Vulns":true,
"pollingInterval":"30",
"useLocalConfig":true,
"vulnsTimeout":"600"
Sample pipeline snippet after latest version for Global Configuration with Job specific 'Docker URL/Nerdctl binary path'
"getImageVulnsFromQualys dockerUrl":"/var/containerd_ctl",
"imageIds":"java:latest",
"useGlobalConfig":true
Version 1.6.2.1
If you upgrade the plugin to v1.6.2.1, ensure that the Jenkins version is 2.204.1 or greater and the Container Security (CS) version is 1.8.0.0 or greater.
When an older pipeline snippet for the Qualys CS plugin runs with v1.7.x, the plugin breaks as the expected field key for the Qualys platform is missing. Ensure you reconfigure the pipeline snippet to avoid this scenario.