Configure Pipeline Job
You can scan and secure the IaC templates using the Jenkins pipeline job.
- Create a Jenkins pipeline project and place the required script in the pipeline project.
- If you want to scan the entire repository, set the value for scanWholeRepo as True. If you want to scan only the changed / newly added files, set the value for scanWholeRepo as False.
- To run this job on the required agent, add the agent details in the script and click Save.
- Paste the generated pipeline script copied earlier from step 6 in Configure Git Repositories.
- Add the environment variables created in step 3 in Configure Environment Variables.
- If you connect through a proxy server, specify the HTTP Proxy details in the script.

Sample Script
pipeline {
    agent { label 'vm198' }
    stages {
        stage ("Checkout the Code") {
            steps {
                // Use pipeline Syntax snippet generator and select sample type git:Git
                git branch: 'main', credentialsId: 'Github-Creds', url: 'https://github.com/xxxxxx/GithubAction.git'
            }
        }
        stage ("Run QIaC Container") {
            agent {
                docker {
                    // Provide the Qualys docker image name
                    image 'qualys/qiac_security_cli'
                    args '--entrypoint=""'
                    alwaysPull true
                    reuseNode true
                }
            }
            environment {
                // Create a username and password credential in Jenkins as secret text and provide the credential ID
                QUALYS_URL = credentials('QUALYS_URL')
                QUALYS_USERNAME = credentials('QUALYS_USERNAME')
                QUALYS_PASSWORD = credentials('QUALYS_PASSWORD')
                // Use a proxy if required for your environment
                HTTP_PROXY = "http://xx.xxx.xx.xx:xxxx"
                HTTPS_PROXY = "http://xx.xxx.xx.xx:xxxx"
            }
            steps {
                // Do not change the following command
                sh 'su qiac'
                // scanWholeRepo is the True/False value described in the steps above
                sh "sh /home/qiac/iac_scan_launcher.sh ${scanWholeRepo}"
            }
        }
    }
    post {
        always {
            archiveArtifacts(artifacts: 'cli_output')
            // The Workspace Cleanup plugin is required to clean up the directory
            cleanWs()
        }
    }
}
Next step: