When you install the CI/CD plug-in of Security Center on Jenkins or GitHub, you must specify a token of the plug-in and the AccessKey pair of an Alibaba Cloud account or a RAM user. This topic describes how to obtain a token of the CI/CD plug-in, create a RAM user, and grant the RAM user the permissions to use container image scan of Security Center.
Obtain a token
Create a RAM user and grant permissions to the RAM user
- Create a RAM user and grant the RAM user the permissions to use container image scan of Security Center. For more information, see Create a RAM user.
  Note: When you create the RAM user, you must select OpenAPI Access in the Access Mode section.
- Create a policy that defines the permissions to use container image scan of Security Center. For more information, see Create a custom policy on the JSON tab.
  Copy the following policy document to the code editor on the JSON tab:

      {
        "Version": "1",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "yundun-sas:CreateJenkinsImageScanTask",
              "yundun-sas:ListImageAnalysisRuleProject",
              "yundun-sas:SubmitImageAnalysisOutput",
              "yundun-sas:UpdateJenkinsImageScanTaskStatus",
              "yundun-sas:UploadAnalyzerRuntimeLog",
              "yundun-sas:CreateBatchUploadURL"
            ],
            "Resource": "*"
          }
        ]
      }

- Attach the policy to the RAM user that you created. For more information, see Grant permissions to a RAM user.
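
The AccessKey pair stored in Jenkins or GitHub should carry only the six actions in the policy above. The following check is an added example, not part of the original topic or of Security Center: it audits a policy document offline and reports wildcard, unexpected, or missing actions. The function names and sample policies are constructed for illustration, and actions are compared as exact strings.

```python
import json

# The six actions granted by the policy document on this page.
EXPECTED_ACTIONS = frozenset({
    "yundun-sas:CreateJenkinsImageScanTask",
    "yundun-sas:ListImageAnalysisRuleProject",
    "yundun-sas:SubmitImageAnalysisOutput",
    "yundun-sas:UpdateJenkinsImageScanTaskStatus",
    "yundun-sas:UploadAnalyzerRuntimeLog",
    "yundun-sas:CreateBatchUploadURL",
})

def as_list(value):
    """Policy fields may hold one item or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_policy(document):
    """Return findings for a policy JSON string; an empty list means the
    Allow statements list exactly the six expected actions."""
    findings, granted = [], set()
    policy = json.loads(document)
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements widen the grant
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action}")
            elif action not in EXPECTED_ACTIONS:
                findings.append(f"statement {i}: unexpected action {action}")
            else:
                granted.add(action)
    for missing in sorted(EXPECTED_ACTIONS - granted):
        findings.append(f"missing action {missing}")
    return findings

# Constructed samples: the page's policy, and a variant with a wildcard added.
PAGE_POLICY = json.dumps({"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": sorted(EXPECTED_ACTIONS), "Resource": "*"}]})
BROAD_POLICY = json.dumps({"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": sorted(EXPECTED_ACTIONS) + ["yundun-sas:*"],
     "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_policy(doc) or "OK")
```
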