Security Center allows you to install the CI/CD plug-in for a Jenkins Freestyle project. After you install the CI/CD plug-in, Security Center scans images in the project when you build the project. This topic describes how to install the CI/CD plug-in for a Jenkins Freestyle project.
Limits
You can install the CI/CD plug-in only on Jenkins 1.625.3 or later.
Download the CI/CD plug-in
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China. In the left-side navigation pane, choose .
Click Integration Configuration.
In the Integration Configuration panel, click Download Plug-in in the upper-right corner.
The CI/CD plug-in in the HPI format is downloaded to your computer. The name of the plug-in is sas-jenkins-plugin.
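Before you upload the downloaded file to Jenkins, you can record its hash and read its manifest. The following Python script is an added example, not part of the Security Center documentation or of the plug-in. It assumes the HPI is a standard Jenkins plug-in archive whose META-INF/MANIFEST.MF carries the Short-Name, Plugin-Version, and Jenkins-Version attributes. The sample archive and its manifest values, including the Short-Name, are constructed for illustration.

```python
import hashlib, io, sys, zipfile

MIN_JENKINS = "1.625.3"  # minimum Jenkins version stated in the Limits section

def parse_manifest(text):
    """Parse the main section of a JAR manifest, joining continuation lines."""
    attrs, key = {}, None
    for line in text.splitlines():
        if not line.strip():
            break  # a blank line ends the main section
        if line.startswith(" ") and key:
            attrs[key] += line[1:]  # continuation of the previous value
        elif ":" in line:
            key, _, value = line.partition(":")
            attrs[key] = value.strip()
    return attrs

def version_tuple(version):
    """'2.479.1' -> (2, 479, 1); non-numeric parts are ignored."""
    return tuple(int(p) for p in version.split(".") if p.isdigit())

def inspect_hpi(data, running_jenkins):
    """Return the archive hash, its manifest identity, and a version check."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        manifest = parse_manifest(archive.read("META-INF/MANIFEST.MF").decode("utf-8"))
    required = manifest.get("Jenkins-Version", MIN_JENKINS)
    floor = max(version_tuple(required), version_tuple(MIN_JENKINS))
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "short_name": manifest.get("Short-Name"),
        "plugin_version": manifest.get("Plugin-Version"),
        "requires_jenkins": required,
        "compatible": version_tuple(running_jenkins) >= floor,
    }

def build_sample_hpi():
    """Constructed stand-in archive; every manifest value here is an assumption."""
    manifest = ("Manifest-Version: 1.0\r\nShort-Name: sas-jenkins-plugin\r\n"
                "Plugin-Version: 0.0.0-example\r\nJenkins-Version: 1.625.3\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("META-INF/MANIFEST.MF", manifest)
    return buf.getvalue()

if __name__ == "__main__":
    # With no arguments, runs on the constructed sample archive.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 2 else build_sample_hpi()
    print(inspect_hpi(data, sys.argv[2] if len(sys.argv) > 2 else "2.479.1"))
```

Run it with the path of the downloaded file and the version of your Jenkins instance as arguments, and keep the printed SHA-256 with your change record so that later downloads can be compared against it.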
Install the CI/CD plug-in on Jenkins
The Jenkins 2.479.1 interface is used as an example in this procedure.
Log on to Jenkins.
In the left-side navigation pane, click Manage Jenkins.
On the Manage Jenkins page, click Plugins.
On the Plugins page, click Advanced settings.
In the Deploy Plugin section, click Choose File.
Select the downloaded CI/CD plug-in named sas-jenkins-plugin.
Click Deploy.
Restart Jenkins.
Important: After you install the sas-jenkins-plugin plug-in, you must restart Jenkins for the plug-in to take effect.
Configure image scans
The Jenkins 2.479.1 interface is used as an example in this procedure.
Log on to Jenkins.
Find the Jenkins Freestyle project whose images you want to scan and click the name of the project.
In the left-side navigation pane, click Configure.
On the page that appears, find the Build Steps section, click Build Steps, and select Image vulnerability scan from the drop-down list.
In the Image vulnerability scan section, configure the parameters. After you complete the configuration, the images in the Jenkins Freestyle project can be scanned.
The following table describes the parameters.
| Parameter | Description |
| --- | --- |
| AccessKeyId | The AccessKey ID of your Alibaba Cloud account or a RAM user of the Alibaba Cloud account. Note: We recommend that you enter the AccessKey ID of a RAM user. |
| AccessKeySecret | The AccessKey secret of your Alibaba Cloud account or a RAM user of the Alibaba Cloud account. Note: We recommend that you enter the AccessKey secret of a RAM user. |
| Token | A token of the CI/CD plug-in. For more information about how to obtain a token of the CI/CD plug-in, see Obtain a token of the CI/CD plug-in. |
| ImageId | The IDs of the images that you want to scan or the tag of the image repository to which the images belong. |
| Domain | For regions outside China, set the value to tds.ap-southeast-1.aliyuncs.com. |
| RegistryUrl | The URL of the image repository. Important: If you want to scan the images in a remote image repository, you must configure this parameter. |
| RegistryUsername | The username used to log on to the image repository. Important: If you want to scan the images in a remote image repository, you must configure this parameter. |
| RegistryPwd | The password used to log on to the image repository. Important: If you want to scan the images in a remote image repository, you must configure this parameter. |
Click Save.
After you complete the configuration, Security Center scans images in the project for risks when you build the project.
What to do next
View image scan results. For more information, see View image scan results.