Add Clair Container Scan

Add the configuration for the Container Vulnerability Scan below to your pipeline text file.

Append to Jenkins Pipeline Configuration

In Builds > Pipelines > tasks-pipeline > Actions > Edit

In your pipeline, add and update the following variables after the version and mvnCmd definitions. Please fill in the values between the quotes.

ocuser : the openshift user given to you by your insturctor
ocpass : the openshift password given to you by your insturctor
ocp : the openshift host given to you by your instuctor
quayuser : the quay user you created previously
quaypass : the quay password you created previously
quayrepo : the quay repo you will push your app image to i.e. tasks

def ocuser = " "
def ocpass = " "
def ocp = " "
def quayuser = " "
def quaypass = " "
def quayrepo = " "

For Example:

def ocuser = "userYOUR#"
def ocpass = "openshift"
def ocp = "master.example.redhatgov.io"
def quayuser = "userYOUR#"
def quaypass = "openshift"
def quayrepo = "jboss-eap70-openshift"

In your pipeline, replace the Jenkins agent ‘maven’ with ‘jenkins-slave-image-mgmt’.

pipeline {
  agent {
    label 'jenkins-slave-image-mgmt'
  }

In your pipeline, add the Vulnerability Scan Stage after the Build Image Stage.

    stage('Clair Container Vulnerability Scan') {
      steps {
            sh "oc login -u $ocuser -p $ocpass --insecure-skip-tls-verify https://$ocp 2>&1"
            sh 'skopeo --debug copy --src-creds="$(oc whoami)":"$(oc whoami -t)" --src-tls-verify=false --dest-tls-verify=false' + " --dest-creds=$quayuser:$quaypass docker://docker-registry.default.svc:5000/cicd-$ocuser/jboss-eap70-openshift:1.5 docker://quay-enterprise-quay-enterprise.apps.$ocp/$quayuser/$quayrepo:1.5"
        }
    }

Save your Jenkins file