dudash / openshiftexamples-cicdpipeline

Example showcasing automated software delivery via a CI/CD pipeline on OpenShift
MIT License

integrate atomic scan #2

Open shawndwells opened 6 years ago

shawndwells commented 6 years ago

Hey @dudash - would like to update the pipeline to perform a CVE scan during the test stage.

Essentially need to run the following command:

atomic scan --verbose ${image} 

e.g.

atomic scan --verbose registry.access.redhat.com/rhel7:latest

The OpenShift Jenkins macros have been updated since last attempting this. Doesn't look like script declaratives can be used anymore. How can a command be called?

shawndwells commented 6 years ago

Second test would be to perform a STIG compliance test of the underlying operating system. Can build in scans for middleware (e.g. EAP) later... but for now, something like this:

atomic scan --scan_type configuration_compliance --scanner_args xccdf-id=scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml,profile=xccdf_org.ssgproject.content_profile_stig-rhel7-disa,report registry.access.redhat.com/rhel7:latest