Clair

by jmccann

The Clair plugin submits your docker image to your Clair server to scan your docker image for security vulnerabilities.

The below pipeline configuration demonstrates simple usage:

pipeline:
  clair:
    image: jmccann/drone-clair:1
    url: http://clair.company.com
    username: johndoe
    password: mysecret
    scan_image: python:2.7

To verify https/ssl connections with a different CA certificate use ca_cert

pipeline:
  clair:
    image: jmccann/drone-clair:1
    url: http://clair.company.com
    username: johndoe
    password: mysecret
    scan_image: python:2.7
+   ca_cert: |
+     -----BEGIN CERTIFICATE-----
+     MII...
+     -----END CERTIFICATE-----

Secrets

Instead of configuring sensitive information in your .drone.yml file in plain text you can use Drone secrets and substitute the values at runtime using string replacement.

Please see the Drone documentation to learn more about secrets.

pipeline:
  clair:
    image: jmccann/drone-clair:1
    url: http://clair.company.com
-   username: johndoe
-   password: mysecret
+   username: ${DOCKER_USERNAME}
+   password: ${DOCKER_PASSWORD}
    scan_image: python:2.7

Parameter Reference

url
Clair server URL
username
Docker Registry username to download the scan_image from
password
Docker Registry password to download the scan_image from
scan_image
The docker image to scan. Supports Docker Hub or private repos.
ca_cert
The CA Cert to verify https with

这个网页有没有错误? 请让我们知道 或编辑 这个页面