Jenkins is the way to understand and simplify your software lifecycle

Jenkins Anchore Container Scanner Plugin

Submitted By Jenkins User Marky Jackson

 Anchore, a global software company, offers container inspection and compliance solutions. Knowing they wanted their operators to deploy containers with confidence, their software engineering team turned to Jenkins and customized a plugin to simplify the software cycle. 

Organization: Anchore (anchore.com), which offers container inspection and compliance solutions globally.

Programming Language: Java, Node.js, Python, Vue.js

Platform: Docker, Kubernetes, Linux

Version Control System: GitHub

Build Tool: Maven

Project website: https://github.com/jenkinsci/anchore-container-scanner-plugin

Team members: All work for Anchore including Daniel Nurmi, CTO | Swathi Gangisetty, Software Engineer | Marky Jackson, Software Engineer

Community Support: Relied on the Jenkins Users Google Group or IRC chat, Jenkins.io websites and blogs, networking at Jenkins events, and conversations with colleagues and peers.

Deploying containers confidently with the help of a plugin.

Background: Anchore, a global software company, offers container inspection and compliance solutions for a wide variety of use cases. These include use in small open source projects or by large teams in highly-regulated industries. Its mission: to empower developers to secure their container workflows in a manner that does not disrupt, distract, or encumber them, allowing them to innovate at their own pace. With velocity at the heart of what they do, Anchore’s software engineering team turned to Jenkins to create a plugin that would support the ability to inspect, reason about, and evaluate policy against containers present on the local Docker host.

Goals: The team’s goal for this project was to enable the operators to deploy containers with confidence and to understand and simplify the software cycle.

“Jenkins rocks by being a leader in the CICD space and having a robust ecosystem which enables us to provide high velocity, policy-based container workflows without compromise.”
Marky Jackson, Software Engineer, Anchore

Solution & Results: The team deployed a Jenkins job that builds a container image and pushes it to a registry that is pre-configured in the Anchore Engine. It works like this: the Anchore build step interacts with the Anchore Engine by ‘adding’ the image and then performing a policy evaluation check on the image. (Adding the image instructs the Anchore Engine to initially pull the image from the registry.)

The build step can optionally be configured to ‘fail’ the build if the policy evaluation results in a ‘STOP’ action. The plugin then stores the policy evaluation results with the job for later inspection and review.
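A Pipeline job following the flow described above, as an added example that is not taken from the plugin's repository or from Anchore. The registry host `registry.example.com` and the image name `demo/app` are placeholders; the example assumes the Anchore Engine URL and credentials are already set in the Jenkins global configuration and that the build agent is already logged in to the registry.

```groovy
// Added example: build, push, then gate on the Anchore policy evaluation.
// registry.example.com and demo/app are placeholders, not values from the page.
pipeline {
    agent any
    environment {
        // The registry must already be configured in the Anchore Engine,
        // otherwise the engine cannot pull the image it is asked to add.
        IMAGE = "registry.example.com/demo/app:${env.BUILD_NUMBER}"
    }
    stages {
        stage('Build and push') {
            steps {
                sh 'docker build -t "$IMAGE" .'
                sh 'docker push "$IMAGE"'
            }
        }
        stage('Anchore policy gate') {
            steps {
                // The plugin reads the images to evaluate from a file,
                // one image reference per line.
                writeFile file: 'anchore_images', text: "${env.IMAGE}\n"
                // bailOnFail: true fails the build when the final policy
                // action is STOP; set it to false to record the result
                // with the job without failing the build.
                anchore name: 'anchore_images', bailOnFail: true
            }
        }
        stage('Deploy') {
            // Reached only when the policy gate above did not fail the build.
            steps {
                echo "Policy evaluation passed for ${env.IMAGE}"
            }
        }
    }
}
```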

Use of this plugin — which can be used in Freestyle and Pipeline jobs — helped the team meet its ultimate goal to allow its users to deploy containers with:

  • simplicity
  • confidence
  • ease of use


Jenkins® is a CD Foundation project and a registered trademark of Software in the Public Interest, Inc. Copyright Jenkins 2020