Introduction
Architecture
Introduction
IntroductionPromote an image in Amazon ECRDownload a file from JFrog ArtifactoryMove or copy an image from JFrog ArtifactoryUpload a file to JFrog ArtifactoryStore an object on Amazon S3Retrieve an object from Amazon S3
IntroductionCreate or update a functionInvoke a function
IntroductionRun an AWS CodePipelineRun a Bamboo projectRun a Bitbucket pipelineRun a CloudBees CI jobRun a CircleCI workflowRun a GitHub Actions workflowRun a GitLab pipelineRun a Harness pipelineRun a Jenkins® jobRun a JFrog pipelineRun a TeamCity project
Check out a Git repository
IntroductionAWS credentialsECR credentialsEKS credentialsGit global credentialsOCI credentials
IntroductionRun Argo WorkflowsDeploy a binary with EC2Deploy to ECSRender an ECS task definitionBuild a container image with KanikoDeploy with OctopusDeploy with Spinnaker
IntroductionHelm chart installHelm chart packageHelm chart publishHelm chart uninstall
IntroductionCreate a Kubernetes namespaceCreate/update a Kubernetes resourceDeploy to a Kubernetes cluster
IntroductionVerify with NewRelic
Execute remote commands via SSH
IntroductionAnchoreAquasecJFrog XraySnyk ContainerSonatype (Nexus) ContainerTrivy
IntroductionStackhawkZAP
IntroductionCheckmarxFind Security BugsGitHub Security ScannerGosecMendNexus IQSnykSonarQube bundledSonarQube
IntroductionMendSnyk
Components

CloudBees action: Scan with Anchore

1 minute read

Use this action to scan image binaries with the Anchore scanner to identify and fix security vulnerabilities.

The following registries are supported:

  • AWS ECR

  • Docker Hub

  • JFrog

  • Nexus

All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.

Inputs

Table 1. Input details
Input name Data type Required? Description

server-url

String

Yes

The Anchore server URL.

server-username

String

Yes

The Anchore server username.

server-password

String

Yes

The Anchore server password.

server-account-name

String

Yes

The Anchore server account name.

server-proxy

String

Yes

The Anchore server proxy.

registry-url

String

Yes

The image registry URL.

registry-username

String

Yes

The image registry username.

registry-password

String

Yes

The image registry password.

image-source

String

Yes

The container image source. Supported options are:

  • aws_ecr_repo (AWS ECR)

  • dockerhub_repo (Docker Hub)

  • artifactory_repo (JFrog)

  • nexus_repo_binary (Nexus)

image-location

String

Yes

The container image location.

image-tag

String

Yes

The container image tag.

Usage example

In your YAML file, add:

      - name: Scan with Anchore
        uses: cloudbees-io/anchore-scan-container@v1
        with:
          server-url: "server_url"
          server-username: "anchore_server_username"
          server-password: ${{ secrets.ANCHORE_PASSWORD }}
          server-account-name: "anchore_server_account_name"
          server-proxy: "anchore_server_proxy"
          registry-url: ${{ vars.ANCHORE_REGISTRY }}
          registry-username: ${{ vars.REGISTRY_USERNAME }}
          registry-password: ${{ secrets.REGISTRY_PASSWORD }}
          image-source: "/image_source"
          image-location: "test-example.anchore.com/local/alpine"
          image-tag: "latest"
Introduction
Aquasec