CloudBees action: Scan with Anchore

1 minute read

Use this action to scan image binaries with the Anchore scanner to identify and fix security vulnerabilities.

The following registries are supported:

  • AWS ECR

  • Docker Hub

  • JFrog

  • Nexus

All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.

Inputs

Table 1. Input details
Input name Data type Required? Description

server-url

String

Yes

The Anchore server URL.

server-username

String

Yes

The Anchore server username.

server-password

String

Yes

The Anchore server password.

server-account-name

String

Yes

The Anchore server account name.

server-proxy

String

Yes

The Anchore server proxy.

registry-url

String

Yes

The image registry URL.

registry-username

String

Yes

The image registry username.

registry-password

String

Yes

The image registry password.

image-source

String

Yes

The container image source. Supported options are:

  • aws_ecr_repo (AWS ECR)

  • dockerhub_repo (Docker Hub)

  • artifactory_repo (JFrog)

  • nexus_repo_binary (Nexus)

image-location

String

Yes

The container image location.

image-tag

String

Yes

The container image tag.

Usage example

In your YAML file, add:

      - name: Scan with Anchore
        uses: cloudbees-io/anchore-scan-container@v1
        with:
          server-url: "server_url"
          server-username: "anchore_server_username"
          server-password: ${{ secrets.ANCHORE_PASSWORD }}
          server-account-name: "anchore_server_account_name"
          server-proxy: "anchore_server_proxy"
          registry-url: ${{ vars.ANCHORE_REGISTRY }}
          registry-username: ${{ vars.REGISTRY_USERNAME }}
          registry-password: ${{ secrets.REGISTRY_PASSWORD }}
          image-source: "/image_source"
          image-location: "test-example.anchore.com/local/alpine"
          image-tag: "latest"