jfrog / jenkins-artifactory-plugin

Jenkins artifactory plugin
http://jenkins-ci.org/

Scan Docker image that was not built on Artifactory #596

Open schumischumi opened 2 years ago

schumischumi commented 2 years ago

Hi, I am trying to integrate Xray, but I don't build my images on Artifactory but on OpenShift. After the build is complete, it gets pushed to Artifactory, not as a stage in Jenkins, but as part of the OpenShift build job. When I tried to add the example code to my pipeline, I got the error "xray-test is not selected for indexing", which makes sense, because how would the Xray plugin know where the image was uploaded to?

Do I have to add the image path to some env, or can I add it to the scanConfig?

Here is my JENKINSFILE:

```groovy
#!groovy
import java.util.regex.Pattern

def label = "docker-${UUID.randomUUID().toString()}"

pipeline {
    options {
        buildDiscarder(logRotator(numToKeepStr: '10', artifactNumToKeepStr: '10'))
    }
    agent {
        kubernetes {
            containerTemplate(
                name: "jnlp",
                image: "${PodTemplateImage}",
                resourceRequestCpu: "200m",
                resourceLimitCpu: "500m",
                resourceRequestMemory: "100Mi",
                resourceLimitMemory: "1500Mi",
                workingDir: "/tmp",
                command: "",
                envVars: [
                    envVar(key: 'HOME', value: '/home/jenkins'),
                ],
                args: '${computer.jnlpmac} ${computer.name}'
            )
        }
    }
    stages {
        // copied from the docs
        stage('Setup') {
            steps {
                script {
                    // Artifactory server configured in Jenkins under the ID 'repo01'
                    rtServer = Artifactory.server 'repo01'
                    buildInfo = Artifactory.newBuildInfo()
                    rtDocker = Artifactory.docker server: rtServer
                    buildInfo.env.capture = true
                    // Xray scans the build identified by this name and number
                    scanConfig = [
                            'buildName'  : buildInfo.name,
                            'buildNumber': buildInfo.number,
                            'failBuild'  : true
                    ]
                }
            }
        }
        stage('Repo Checkout') {
            options { timeout (time: 5, unit:'MINUTES')}
            steps{
                script {
                    echo " ======================= Checkout Stage ================================"
                    checkout scm
                }
            }
        }
        stage('Openshift Build') {
            options { timeout (time: 180, unit:'MINUTES')}
            steps{
                script {
                    openshift.withCluster("${OpenshiftCluster}" , "${OpenshiftClientName}") {
                        openshift.withProject ("${OpenshiftProject}") {
                            dir("openshift-build/${AppBuildName}/") {
                                // The image is built and pushed by the OpenShift build, not by a Jenkins step
                                openshift.raw('apply -f .')
                                openshift.raw("start-build bc/${AppBuildName}")
                                bc = openshift.selector("bc","${AppBuildName}").related('builds')
                                // wait for the build to finish
                                bc.watch {
                                    if (it.count() == 0) {
                                        return false
                                    }
                                    echo "Detected new builds created by buildconfig: ${it.names()}"
                                    return true
                                }
                                bc.untilEach {
                                    return it.object().status.phase == "Complete"
                                }
                            }
                        }
                    }
                }
            }
        }
        stage('Xray Scan') {
            steps {
                script {
                    echo " ======================= XRay Stage ================================"
                    // Publish the build-info, then request an Xray scan of that build
                    buildInfo.env.collect()
                    rtServer.publishBuildInfo buildInfo
                    scanResult = rtServer.xrayScan scanConfig
                    print scanResult
                    print rtServer
                }
            }
        }
    }
}
```

ghost commented 1 year ago

I'd like to bump this question because we're in a similar situation (building and pushing container images out-of-band). Is it possible to just "add another already pushed artifact" to the BuildInfo / xrayScan?