All Products
Search

This Product

    Security Center:Jenkins pipeline integration

    Document Center

    Security Center:Jenkins pipeline integration

    Last Updated:Mar 31, 2026

    Security Center integrates with Jenkins to scan container images automatically during each build. Install the sas-jenkins-plugin plug-in, then configure a Jenkinsfile to trigger image scanning when your pipeline runs.

    This guide covers the following steps:

    1. Download the plug-in from the Security Center console

    2. Install the plug-in on Jenkins

    3. Configure image scanning in your Jenkins Pipeline project

    Prerequisites

    Before you begin, ensure that you have:

    • Jenkins 1.625.3 or later

    • Access to the Security Center console

    • An Alibaba Cloud AccessKey ID and AccessKey Secret

    • A Jenkins Pipeline project

    Download the CI/CD plug-in

    1. Log on to the Security Center console. In the top navigation bar, select the region of the asset you want to manage. The supported regions are China and Outside China.

    2. In the left-side navigation pane, choose Protection Configuration > Container Protection > CI/CD Integration Settings.

    3. Click Integration Configuration.

    4. In the Integration Configuration panel, click Download Plug-in in the upper-right corner.

    The plug-in is downloaded as an HPI file named sas-jenkins-plugin.

    Install the CI/CD plug-in on Jenkins

    1. Log on to Jenkins.

    2. In the left-side navigation pane, click Manage Jenkins.

    3. On the Manage Jenkins page, click Manage Plugins.

    4. On the Manage Plugins page, click the Advanced tab.

    5. In the Upload Plugin section, click Choose File and select the sas-jenkins-plugin HPI file.

    6. Click Upload.

    Important

    Restart Jenkins after installation. The plug-in does not take effect until Jenkins restarts.

    Configure image scanning

    1. Log on to Jenkins.

    2. Find the Jenkins Pipeline project whose images you want to scan and click the project name.

    3. In the left-side navigation pane, click Configure.

    4. In the Pipeline section, add the sas() step to your Jenkinsfile. Choose one of the following examples based on your pipeline type.

      Scripted Pipeline

      node {
    sas(accessKeyId: '$AK', accessKeySecret: '$SK', token: '$TOKEN', imageId: '$IMAGE', domain: '$DOMAIN', registryUrl: '$REGISTRY_URL', registryUsername: '$REGISTRY_USERNAME', registryPwd: '$REGISTRY_PWD')
}

      Declarative Pipeline

      pipeline {
    agent any

    environment {
        ACCESS_KEY_ID = '$AK'
        ACCESS_KEY_SECRET = '$SK'
        IMAGE_ID = '$IMAGE'
        TOKEN = '$TOKEN'
        DOMAIN = '$DOMAIN'
        REGISTRY_URL = null
        REGISTRY_USERNAME = null
        REGISTRY_PWD = null
    }

    stages {
        stage('Build') {
            steps {
                sas(accessKeyId: env.ACCESS_KEY_ID, accessKeySecret: env.ACCESS_KEY_SECRET, imageId: env.IMAGE_ID, token: env.TOKEN, domain: env.DOMAIN, registryUrl: env.REGISTRY_URL, registryUsername: env.REGISTRY_USERNAME, registryPwd: env.REGISTRY_PWD)
            }
        }
    }
}

    5. Click Save.

    Security Center scans images in the project for risks each time you trigger a build.

    What's next

    View image scanning results on the Container tab of the Assets page in the Security Center console. For more information, see View image scan results.