Lab 17 - Clair Vulnerability Scan

Return to Workshop

Add Clair Container Scan

Add the configuration for the Container Vulnerability Scan below to your pipeline text file.



Append to Jenkins Pipeline Configuration

In Builds > Pipelines > tasks-pipeline > Actions > Edit

In your pipeline, add and update the following variables after the version and mvnCmd definitions. Please fill in the values between the quotes.

def ocuser = " "
def ocpass = " "
def ocp = " "
def quayuser = " "
def quaypass = " "
def quayrepo = " "

For Example:

def ocuser = "userYOUR#"
def ocpass = "openshift"
def ocp = "master.example.redhatgov.io"
def quayuser = "userYOUR#"
def quaypass = "openshift"
def quayrepo = "jboss-eap70-openshift"

In your pipeline, replace the Jenkins agent 'maven' with 'jenkins-slave-image-mgmt'.

pipeline {
  agent {
    label 'jenkins-slave-image-mgmt'
  }

In your pipeline, add the Vulnerability Scan Stage after the Build Image Stage.

    stage('Clair Container Vulnerability Scan') {
      steps {
            sh "oc login -u $ocuser -p $ocpass --insecure-skip-tls-verify https://$ocp 2>&1"
            sh 'skopeo --debug copy --src-creds="$(oc whoami)":"$(oc whoami -t)" --src-tls-verify=false --dest-tls-verify=false' + " --dest-creds=$quayuser:$quaypass docker://docker-registry.default.svc:5000/cicd-$ocuser/jboss-eap70-openshift:1.5 docker://quay-enterprise-quay-enterprise.apps.$ocp/$quayuser/$quayrepo:1.5"
        }
    }

Save your Jenkins file

Run Pipeline

Go to Builds > Pipeline

Click Start Pipeline for the pipeline you just created called tasks-pipeline.

Your pipeline should now execute through all the stages you created.

Go ahead and click View Log. This will take you to the Jenkins logs and you can follow the various stages in your pipeline.

When it asks to promote to stage, go ahead and promote it.



View Clair Container Scan Report in Quay

Select the Repository that was created



Select Repository Tags on the left hand menu

Select the Security Scan for your Image



View the Security Scan Report



Workshop Details

Domain Red Hat Logo
Workshop
Student ID

Return to Workshop