Get Started with Qualys Container Scanning Connector for Bamboo

Version 1.6.2.3

Welcome to Qualys Container Security! We help you get acquainted with Qualys solutions for securing your Container environments, including Images, Containers, and Docker Hosts, using the Qualys Cloud Security Platform.

Qualys Container Security provides a plugin for Bamboo that reports the security posture of the container images built with the tool. The plugin can be configured to pass or fail container image builds based on the vulnerabilities detected.

Pre-requisites

To integrate Qualys Container Security with Bamboo, the following pre-requisites must be met:

  • A valid Qualys subscription with the Container Security application activated.
  • Access to the Qualys Container Security application API endpoint from your build host.
  • The container sensor for the CI/CD environment must be installed on the Bamboo build host. Refer to the Qualys Container Security Sensor Deployment Guide for instructions on installing the CI/CD container sensor. You must pass the following parameter while deploying the sensor for the CI/CD environment:
    cicd-deployed-sensor or -c.
  • If you are using Qualys Container Scanning Connector for Bamboo v1.6.2.3, then the Bamboo CI/CD tool version must be 9.2.1 or later.
  • An Internet connection is required for the agent to connect to the Qualys Cloud Platform. If the agent is running behind a proxy, install a sensor with the proxy option.
  • The Bamboo server and agents require an open connection to the Qualys Cloud Platform to retrieve data for vulnerability reporting.
  • The Bamboo plugin automatically tags images built by the CI/CD pipeline with the tag qualys_scan_target:<image-sha> to mark them for scanning, and only those images are scanned for vulnerabilities. Once the scanning is over, the Qualys Container Sensor removes the tag. However, if an image has no tag other than 'qualys_scan_target:<image-sha>', the sensor retains the tag to avoid the removal of the image from the host.

The Qualys Container Scanning Connector for Bamboo is verified against the legacy type of Bamboo server installation.
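
The tagging behaviour described in the pre-requisites can be checked on a build host by listing which images still carry the qualys_scan_target marker. The script below is an added example, not part of the Qualys plugin or sensor; the function names, the "retained"/"pending" labels and the sample image list are constructed for illustration.

```shell
#!/bin/sh
# Classify images that still carry the qualys_scan_target marker tag.
# Input (stdin): lines of "<image-id> <repository>:<tag>", as printed by
#   docker images --format '{{.ID}} {{.Repository}}:{{.Tag}}'
# Output: one line per marked image, sorted by image id:
#   "<image-id> retained"  the marker is the image's only tag, so the
#                          sensor keeps it to avoid removing the image
#   "<image-id> pending"   the image has other tags as well, so the marker
#                          is removed once scanning is over
classify_scan_markers() {
    awk '
        {
            id = $1; ref = $2
            if (ref ~ /^qualys_scan_target:/) marked[id] = 1
            else if (ref != "<none>:<none>") other[id]++
        }
        END {
            for (id in marked)
                print id, (other[id] > 0 ? "pending" : "retained")
        }
    ' | sort
}

# Constructed sample input (not output from a real host).
sample_images() {
    cat <<'EOF'
aaaaaaaaaaaa myapp:1.0
aaaaaaaaaaaa qualys_scan_target:aaaaaaaaaaaa
bbbbbbbbbbbb qualys_scan_target:bbbbbbbbbbbb
cccccccccccc nginx:latest
EOF
}

# On a build host, replace sample_images with the docker images command above.
sample_images | classify_scan_markers
```

An image that stays "pending" across several builds still has its marker although it has other tags, which is worth checking against the sensor's status on that host.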

Quick Steps to Integrate

Links to the Container Scanning Connector Related Documents