You can now use MicroScanner as a step in your build. For freestyle builds, you add a build step for Aqua MicroScanner. You can choose whether high severity vulnerabilities found in your image will fail or pass the build:
For pipeline jobs, you can insert MicroScanner into the build step script, like so:
Upon running the pipeline job, the Aqua MicroScanner is now a stage in your automated build:
In addition to optionally failing your build, MicroScanner provides a report on the vulnerabilities found during your image build. If you configure HTML support in Jenkins, those can be nicely formatted HTML pages.
The scan report gives you a high-level overview of the number and severity of vulnerabilities that were found:
Clicking the Vulnerabilities tab will display a detailed report of all vulnerabilities. Note that this may contain not only CVEs but also vendor-published vulnerabilities that may not yet (or not at all) be listed as CVEs:
No More Excuses
We've made MicroScanner very easy to use, and the Jenkins plugin makes it even easier to use and automate. There's really no excuse for building images that include risky known vulnerabilities when it's so easy to avoid them at no cost. So make this an integral part of your build process - starting today!
Aqua enables enterprises to secure their virtual container environments from development to production, accelerating container adoption and bridging the gap between DevOps and IT security.
Aqua's Container Security Platform provides full visibility into container activity, allowing organizations to detect and prevent suspicious activity and attacks, providing transparent, automated security while helping to enforce policy and simplify regulatory compliance.