Jenkins Anchore Container Scanner Plugin
Submitted By Jenkins User Marky Jackson
Anchore, a global software company, offers container inspection and compliance solutions. Knowing they wanted their operators to deploy containers with confidence, their software engineering team turned to Jenkins and customized a plugin to simplify the software cycle.
Organization: Anchore (anchore.com), which offers container inspection and compliance solutions globally.
Programming Language: Java, Node.js, Python, Vue.js
Platform: Docker, Kubernetes, Linux
Version Control System: GitHub
Build Tool: Maven
Project website: https://github.com/jenkinsci/anchore-container-scanner-plugin
Team members: All work for Anchore including Daniel Nurmi, CTO | Swathi Gangisetty, Software Engineer | Marky Jackson, Software Engineer
Community Support: Relied on the Jenkins Users Google Group or IRC chat, Jenkins.io websites and blogs, networking at Jenkins events, and conversations with colleagues and peers
Deploying containers confidently with the help of a plugin.
Background: Anchore, a global software company, offers container inspection and compliance solutions for a wide variety of use cases. These include use in small open source projects or by large teams in highly-regulated industries. Its mission: to empower developers to secure their container workflows in a manner that does not disrupt, distract, or encumber them, allowing them to innovate at their own pace. With velocity at the heart of what they do, Anchore’s software engineering team turned to Jenkins to create a plugin that would support the ability to inspect, reason about, and evaluate policy against containers present on the local Docker host.
Goals: The team’s goal for this project was to enable the operators to deploy containers with confidence and to understand and simplify the software cycle.
Solution & Results: The team deployed a Jenkins job that builds a container image and pushes it to a registry that is pre-configured in the Anchore Engine. It works like this: the Anchore build step interacts with the Anchore Engine by ‘adding’ the image and then performing a policy evaluation check on the image. (Adding the image instructs the Anchore Engine to initially pull the image from the registry.)
The build step can optionally be configured to ‘fail’ the build if the policy evaluation results in a ‘STOP’ action. The plugin then stores the policy evaluation results with the job for later inspection and review.
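The build, push and scan flow described above can be written as a scripted Pipeline job. This Jenkinsfile is an added example, not code from the Anchore team or the plugin repository; it assumes the Docker Pipeline plugin is installed and the Anchore Engine connection is set in the Jenkins global configuration, and the registry host, repository name and credentials ID are placeholders.

```groovy
// Added example Jenkinsfile (scripted pipeline); not the plugin project's own code.
// Placeholders (assumptions): registry.example.com, example/app, registry-credentials-id.
node {
    def registry = 'registry.example.com'       // must be a registry the Anchore Engine can pull from
    def repo     = 'example/app'
    def tag      = "build-${env.BUILD_NUMBER}"  // unique per build, so the scan covers this build's image
    def image

    stage('Checkout') {
        checkout scm
    }

    stage('Build image') {
        image = docker.build("${repo}:${tag}")
    }

    stage('Push image') {
        // Push first: 'adding' the image makes the Anchore Engine pull it from the registry
        docker.withRegistry("https://${registry}", 'registry-credentials-id') {
            image.push()
        }
    }

    stage('Anchore scan') {
        // The build step reads the images to add and evaluate from a workspace file, one per line
        writeFile file: 'anchore_images', text: "${registry}/${repo}:${tag}\n"

        // bailOnFail: fail the build when the policy evaluation returns a STOP action
        // bailOnPluginFail: also fail when the plugin itself cannot complete,
        // so an unreachable engine does not let an unevaluated image through
        anchore name: 'anchore_images', bailOnFail: true, bailOnPluginFail: true
    }
}
```

Scanning a tag that is unique to the build, rather than a moving tag such as `latest`, keeps the stored policy evaluation tied to the image that the job actually produced.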
Use of this plugin — which can be used in Freestyle and Pipeline jobs — helped the team meet its ultimate goal to allow its users to deploy containers with:
- ease of use