search

jenkinsci / deepsecurity-smartcheck-plugin

Jenkins plugin that requests image scans from Deep Security Smart Check
Apache License 2.0
3 stars 2 forks source link

Hi Smartcheck #2

Closed James-Quinto closed 4 years ago

James-Quinto commented 4 years ago

Hi,

Just a few inquiry

1.Does this string will be used for the smartcheck to connect to the registry? withCredentials([ usernamePassword([ credentialsId: "example-registry-auth", usernameVariable: "REGISTRY_USER", passwordVariable: "REGISTRY_PASSWORD",

2.If yes,Does the AWS ecr registry credential can be masked by this parameter?

Currently,we were trying to integrate a smartcheck scan with ecr. We were getting this error image

thanks in advance!

glb commented 4 years ago

Hi @c0t0d0s1 ! Thanks for your question!

From the image you pasted, it looks like your Jenkinsfile is missing the body of the withCredentials call.

Here's an example that calls smartcheckScan and provides ECR credentials, assuming you have created a username+password credential named example-registry-auth in Jenkins with an AWS access key ID as the username and the secret key as the password.

withCredentials([
    usernamePassword([
        credentialsId: "example-registry-auth",
        usernameVariable: "ACCESS_KEY_ID",
        passwordVariable: "SECRET_ACCESS_KEY",
    ])
]){
    smartcheckScan([
        imageName: "registry.example.com/my-project/my-image",
        smartcheckHost: "smartcheck.example.com",
        smartcheckCredentialsId: "smartcheck-auth",
        imagePullAuth: new groovy.json.JsonBuilder([
            aws: [
                region: "REGION",
                accessKeyID: ACCESS_KEY_ID,
                secretAccessKey: SECRET_ACCESS_KEY,
            ]
        ]).toString(),
    ])
}

Some notes: