When you install the CI/CD plug-in of Security Center on Jenkins or GitHub, you must specify a token of the plug-in and the AccessKey pair of an Alibaba Cloud account or a RAM user. This topic describes how to obtain a token of the CI/CD plug-in, create a RAM user, and grant the RAM user the permissions to use container image scan of Security Center.

Obtain a token

  1. Log on to the Security Center console. In the left-side navigation pane, click Assets.
  2. On the Assets page, click the Container tab and click the CI/CD tab. Then, click Integration Configuration.
  3. In the Integration Configuration panel, click Add token, enter a name for the token, and then click OK. The name can be up to 64 characters in length.
    The information about the token is displayed in the list of the Integration Configuration panel. You can view and obtain the token in the Token column.

Create a RAM user and grant permissions to the RAM user

  1. Create a RAM user and grant the RAM user the permissions to use container image scan of Security Center. For more information, see Create a RAM user.
    Note: When you create the RAM user, you must select OpenAPI Access in the Access Mode section.
  2. Create a policy that defines the permissions to use container image scan of Security Center. For more information, see Create a custom policy on the JSON tab.
    Copy the following policy document to the code editor on the JSON tab:
    {
      "Version": "1",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "yundun-sas:CreateJenkinsImageScanTask",
            "yundun-sas:ListImageAnalysisRuleProject",
            "yundun-sas:SubmitImageAnalysisOutput",
            "yundun-sas:UpdateJenkinsImageScanTaskStatus",
            "yundun-sas:UploadAnalyzerRuntimeLog",
            "yundun-sas:CreateBatchUploadURL"
          ],
          "Resource": "*"
        }
      ]
    }
  3. Attach the policy to the RAM user that you created. For more information, see Grant permissions to a RAM user.
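
The AccessKey pair of this RAM user ends up stored in Jenkins or GitHub, so it is worth checking that the attached policy still grants exactly the six actions listed above. The following check is an added example, not part of the Security Center documentation or tooling: `audit_policy`, `make_policy` and both sample policies are constructed for illustration, and the check looks only at `Effect` and `Action`, not at `Resource` or conditions.

```python
import json
from fnmatch import fnmatchcase

# The six actions granted by the policy document on this page.
REQUIRED_ACTIONS = {
    "yundun-sas:CreateJenkinsImageScanTask",
    "yundun-sas:ListImageAnalysisRuleProject",
    "yundun-sas:SubmitImageAnalysisOutput",
    "yundun-sas:UpdateJenkinsImageScanTaskStatus",
    "yundun-sas:UploadAnalyzerRuntimeLog",
    "yundun-sas:CreateBatchUploadURL",
}

def _as_list(value):
    # "Action" may be a single string or a list of strings.
    return [value] if isinstance(value, str) else list(value or [])

def audit_policy(policy_text):
    """Compare a policy's Allow statements with REQUIRED_ACTIONS."""
    statements = json.loads(policy_text).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    granted = set()
    for stmt in statements:
        if stmt.get("Effect") == "Allow":  # Deny statements cannot widen access
            granted.update(_as_list(stmt.get("Action")))
    # Any wildcard grants more than the plug-in needs.
    wildcards = sorted(a for a in granted if "*" in a)
    extra = sorted(a for a in granted
                   if "*" not in a and a not in REQUIRED_ACTIONS)
    # A required action counts as covered if any granted pattern matches it.
    missing = sorted(r for r in REQUIRED_ACTIONS
                     if not any(fnmatchcase(r, g) for g in granted))
    return {"wildcards": wildcards, "extra": extra, "missing": missing,
            "ok": not (wildcards or extra or missing)}

def make_policy(actions):
    # Helper that builds the constructed sample documents below.
    return json.dumps({"Version": "1", "Statement": [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": "*"}]})

PAGE_POLICY = make_policy(REQUIRED_ACTIONS)  # same actions as the page's policy
# Constructed example of a policy that has drifted beyond what the plug-in needs.
DRIFTED_POLICY = make_policy(["yundun-sas:*", "ecs:DescribeInstances"])

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("drifted", DRIFTED_POLICY)):
        print(name, audit_policy(doc))
```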