
Security Center: Install the CI/CD plug-in for a Jenkins Pipeline project

Last Updated: Sep 27, 2023

Security Center allows you to install the CI/CD plug-in for a Jenkins Pipeline project. After you install the CI/CD plug-in, Security Center scans images in the project when you build the project. This topic describes how to install the CI/CD plug-in for a Jenkins Pipeline project.

Limits

You can install the CI/CD plug-in only on Jenkins 1.625.3 or later.

Download the CI/CD plug-in

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China. In the left-side navigation pane, choose Protection Configuration > Container Protection > CI/CD Integration Settings.
  2. Click Integration Configuration.
  3. In the Integration Configuration panel, click Download Plug-in in the upper-right corner.
    The CI/CD plug-in in the HPI format is downloaded to your computer. The name of the plug-in is sas-jenkins-plugin.

Install the CI/CD plug-in on Jenkins

  1. Log on to Jenkins.
  2. In the left-side navigation pane, click Manage Jenkins.
  3. On the Manage Jenkins page, click Manage Plugins.
  4. On the Manage Plugins page, click the Advanced tab.
  5. In the Upload Plugin section, click Choose File.
    Select the downloaded CI/CD plug-in named sas-jenkins-plugin.
  6. Click Upload.
    Important: After you install the sas-jenkins-plugin plug-in, you must restart Jenkins for the plug-in to take effect.

Configure image scans

  1. Log on to Jenkins.

  2. Find the Jenkins Pipeline project whose images you want to scan and click the name of the project.

  3. In the left-side navigation pane, click Configure.

  4. In the Pipeline section, configure the parameters. After you complete the configuration, the images in the Jenkins Pipeline project can be scanned.

    The following examples show the sas step in a scripted pipeline and in a declarative pipeline Jenkinsfile. Use the example that matches your business requirements to complete the configuration.

    • Scripted pipeline example

      node {
          sas(accessKeyId: '$AK', accessKeySecret: '$SK', token: '$TOKEN', imageId: '$IMAGE', domain: '$DOMAIN', registryUrl: '$REGISTRY_URL', registryUsername: '$REGISTRY_USERNAME', registryPwd: '$REGISTRY_PWD')
      }
    • Declarative pipeline example

      pipeline {
          agent any
      
          environment {
              ACCESS_KEY_ID = '$AK'
              ACCESS_KEY_SECRET = '$SK'
              IMAGE_ID = '$IMAGE'
              TOKEN = '$TOKEN'
              DOMAIN = '$DOMAIN'
              REGISTRY_URL = null
              REGISTRY_USERNAME = null
              REGISTRY_PWD = null
          }
      
          stages {
              stage('Build') {
                  steps {
                      sas(accessKeyId: env.ACCESS_KEY_ID, accessKeySecret: env.ACCESS_KEY_SECRET, imageId: env.IMAGE_ID, token: env.TOKEN, domain: env.DOMAIN, registryUrl: env.REGISTRY_URL, registryUsername: env.REGISTRY_USERNAME, registryPwd: env.REGISTRY_PWD)
                  }
              }
          }
      }
  5. Click Save.

    After you complete the configuration, Security Center scans images in the project for risks when you build the project.
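
The examples above take the AccessKey pair, token, and registry password as values written in the Jenkinsfile itself. The following added example (not part of the original topic or the plug-in's own code) passes the same sas parameters from the Jenkins credential store by using the withCredentials step of the Credentials Binding plug-in; the credential IDs sas-accesskey, sas-token, and registry-login and the bound variable names are assumptions.

```groovy
// Added example: declarative Jenkinsfile that keeps secrets out of the pipeline source.
// Assumption: the credential IDs below are hypothetical and must first be created
// under Manage Jenkins > Credentials.
pipeline {
    agent any

    environment {
        // Non-secret values; replace the placeholders with your own values.
        IMAGE_ID     = '$IMAGE'
        DOMAIN       = '$DOMAIN'
        REGISTRY_URL = '$REGISTRY_URL'
    }

    stages {
        stage('Build') {
            steps {
                // Bind the stored secrets to variables that exist only inside this block.
                withCredentials([
                    // AccessKey ID and AccessKey secret stored as a username/password pair.
                    usernamePassword(credentialsId: 'sas-accesskey',
                                     usernameVariable: 'SAS_AK',
                                     passwordVariable: 'SAS_SK'),
                    // Token stored as a "Secret text" credential.
                    string(credentialsId: 'sas-token', variable: 'SAS_TOKEN'),
                    // Image registry logon credentials.
                    usernamePassword(credentialsId: 'registry-login',
                                     usernameVariable: 'REG_USER',
                                     passwordVariable: 'REG_PWD')
                ]) {
                    // Same parameters as the examples in this topic, passed as
                    // variable references rather than string literals.
                    sas(accessKeyId: env.SAS_AK,
                        accessKeySecret: env.SAS_SK,
                        token: env.SAS_TOKEN,
                        imageId: env.IMAGE_ID,
                        domain: env.DOMAIN,
                        registryUrl: env.REGISTRY_URL,
                        registryUsername: env.REG_USER,
                        registryPwd: env.REG_PWD)
                }
            }
        }
    }
}
```

withCredentials masks the bound values in the build console log, and the secrets are no longer stored in source control together with the Jenkinsfile.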

What to do next

You can view image scan results on the Container tab of the Assets page in the Security Center console. For more information, see View image scan results.