Jenkins is the way to understand and simplify your software lifecycle

Jenkins Anchore Container Scanner Plugin

Submitted By Jenkins User Marky Jackson

 Anchore, a global software company, offers container inspection and compliance solutions. Knowing they wanted their operators to deploy containers with confidence, their software engineering team turned to Jenkins and customized a plugin to simplify the software cycle. 

Organization: anchore.com, offers container inspection and compliance solutions globally. 

Programming Language: Java, Node.js, Python, Vue.js Platform: Docker, Kubernetes, Linux Version Control System: GitHub Build Tool: Maven

Project website: https://github.com/jenkinsci/anchore-container-scanner-plugin

Team members: All work for Anchore including Daniel Nurmi, CTO | Swathi Gangisetty, Software Engineer | Marky Jackson, Software Engineer

Community Support:  Relied on Jenkins Users Google Group or IRC Chat, Jenkins.io websites & blogs, networking at Jenkins event, and spoke with colleagues and peers

Deploying containers confidently with the help of a plugin.

Background: Anchore, a global software company, offers container inspection and compliance solutions for a wide variety of use cases. These include use in small open source projects or by large teams in highly-regulated industries. Its mission: to empower developers to secure their container workflows in a manner that does not disrupt, distract, or encumber them, allowing them to innovate at their own pace. With velocity at the heart of what they do, Anchore’s software engineering team turned to Jenkins to create a plugin that would support the ability to inspect, reason about, and evaluate policy against containers present on the local Docker host.

Goals: The team’s goal for this project was to enable the operators to deploy containers with confidence and to understand and simplify the software cycle.

"Jenkins has helped our developers be much more innovative as they are no longer needed to also be infrastructure engineers."
Marky Jackson, Software Engineer, Anchore

Solution & Results:  The team deployed a Jenkins job to build a container image, and push the image to a registry that is pre-configured in the Anchore Engine. It works like this:  the Anchore build step interacts with the Anchore Engine by ‘adding’ the image and then performing a policy evaluation check on the image. (Adding the image instructs the Anchore Engine to initially pull the image from the registry.)

The build step can optionally be configured to ‘fail’ the build if the policy evaluation results in a ‘STOP’ action. The plugin will then store the resulting policy evaluation results with the job, for later inspection/review.

Use of this plugin — which can be used in Freestyle and Pipeline jobs — helped the team meet its ultimate goal to allow its users to deploy containers with:

  • simplicity
  • confidence
  • ease of use

Like what you see? Share your Jenkins user story today

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

Jenkins® is a CD Foundation project and a registered trademark of Software in the Public Interest, Inc. Copyright Jenkins 2020