Security Center allows you to install the CI/CD plug-in for a Jenkins Freestyle project. After you install the CI/CD plug-in, Security Center scans images in the project when you build the project. This topic describes how to install the CI/CD plug-in for a Jenkins Freestyle project.

Limits

You can install the CI/CD plug-in only on Jenkins 1.625.3 or later.

Download the CI/CD plug-in

  1. Log on to the Security Center console. In the left-side navigation pane, choose Protection Configuration > Container Protection > CI/CD Integration Settings.
  2. Click Integration Configuration.
  3. In the Integration Configuration panel, click Download Plug-in in the upper-right corner.
    The CI/CD plug-in in the HPI format is downloaded to your computer. The name of the plug-in is sas-jenkins-plugin.

Install the CI/CD plug-in on Jenkins

  1. Log on to Jenkins.
  2. In the left-side navigation pane, click Manage Jenkins.
  3. On the Manage Jenkins page, click Manage Plugins.
  4. On the Manage Plugins page, click the Advanced tab.
  5. In the Upload Plugin section, click Choose File.
    Select the downloaded CI/CD plug-in named sas-jenkins-plugin.
  6. Click Upload.
    Important: After you install the sas-jenkins-plugin plug-in, you must restart Jenkins for the plug-in to take effect.

Configure image scans

  1. Log on to Jenkins.
  2. Find the Jenkins Freestyle project whose images you want to scan and click the name of the project.
  3. In the left-side navigation pane, click Configure.
  4. On the page that appears, find the Build section and select Image vulnerability scan from the drop-down list.
  5. In the Image vulnerability scan section, configure the parameters. After you complete the configuration, the images in the Jenkins Freestyle project can be scanned.
    The following table describes the parameters.
    | Parameter | Description |
    | --- | --- |
    | AccessKeyId | The AccessKey ID of your Alibaba Cloud account or a RAM user of the Alibaba Cloud account. Note: We recommend that you enter the AccessKey ID of a RAM user. |
    | AccessKeySecret | The AccessKey secret of your Alibaba Cloud account or a RAM user of the Alibaba Cloud account. Note: We recommend that you enter the AccessKey secret of a RAM user. |
    | Token | A token of the CI/CD plug-in. For more information about how to obtain a token of the CI/CD plug-in, see Obtain a token of the CI/CD plug-in. |
    | ImageId | The IDs of the images that you want to scan or the tag of the image repository to which the images belong. |
    | Domain | Set the value to tds.ap-southeast-1.aliyuncs.com. |
    | RegistryUrl | The URL of the image repository. Important: If you want to scan the images in a remote image repository, you must configure this parameter. |
    | RegistryUsername | The username used to log on to the image repository. Important: If you want to scan the images in a remote image repository, you must configure this parameter. |
    | RegistryPwd | The password used to log on to the image repository. Important: If you want to scan the images in a remote image repository, you must configure this parameter. |
  6. Click Save.
    After you complete the configuration, Security Center scans images in the project for risks when you build the project.

What to do next

View image scan results. For more information, see View image scan results.