---
date: 2016-01-01T00:00:00+00:00
title: Clair
author: jmccann
tags: [ docker, security ]
repo: jmccann/drone-clair
logo: clair.svg
image: jmccann/drone-clair
---
The Clair plugin submits your Docker image to your [Clair](https://github.com/coreos/clair)
server to scan it for security vulnerabilities.
The pipeline configuration below demonstrates simple usage:
```yaml
pipeline:
  clair:
    image: jmccann/drone-clair:1
    url: http://clair.company.com
    username: johndoe
    password: mysecret
    scan_image: python:2.7
```
To verify HTTPS/SSL connections against a different CA certificate, use `ca_cert`:
```diff
pipeline:
clair:
image: jmccann/drone-clair:1
url: http://clair.company.com
username: johndoe
password: mysecret
scan_image: python:2.7
+ ca_cert: |
+ -----BEGIN CERTIFICATE-----
+ MII...
+ -----END CERTIFICATE-----
```
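Review bot: the `url` context line still reads `http://clair.company.com` while the added `ca_cert` lines only apply to HTTPS connections, so with this example the certificate would not be used for anything. Change the URL in this example to `https://` so that the two settings agree.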
# Secrets
The Clair plugin supports reading credentials from the Drone secret store. This is strongly recommended instead of storing credentials in the pipeline configuration in plain text.
```diff
pipeline:
clair:
image: jmccann/drone-clair:1
url: http://clair.company.com
- username: johndoe
- password: mysecret
scan_image: python:2.7
```
The `username` and `password` YAML attributes above can be replaced with the `DOCKER_USERNAME` and `DOCKER_PASSWORD` secret environment variables.
Please see the Drone [documentation]({{< secret-link >}}) to learn more about secrets.
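
As an added example (not part of the plugin or its documentation), the following Python script lints a pipeline file for the plaintext `username`/`password` values discussed above, using the parameter-to-secret pairings from the Secret Reference section, and also flags a `ca_cert` combined with an `http://` URL. The function names, the sample configurations and the two-space layout it assumes are constructed for illustration.

```python
PLUGIN_IMAGE = "jmccann/drone-clair"
# Parameter -> secret pairing, taken from the Secret Reference on this page.
SECRET_FOR = {"username": "DOCKER_USERNAME", "password": "DOCKER_PASSWORD"}

def clair_steps(config_text):
    """Return {step_name: {param: value}} for steps that use the Clair plugin."""
    # Assumption: two-space indentation, pipeline -> step -> scalar parameters,
    # as in the examples on this page. This is not a general YAML parser.
    steps, step = {}, None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, sep, value = raw.strip().partition(":")
        if indent == 2 and sep:
            step = steps.setdefault(key, {})
        elif indent == 4 and sep and step is not None:
            step[key] = value.strip()
        # Deeper lines (the body of a ca_cert block scalar) are skipped.
    return {name: params for name, params in steps.items()
            if params.get("image", "").startswith(PLUGIN_IMAGE)}

def lint(config_text):
    """Return (step, parameter, message) findings for the Clair steps."""
    findings = []
    for name, params in clair_steps(config_text).items():
        for param, secret in SECRET_FOR.items():
            if params.get(param):
                findings.append((name, param, f"plaintext value, use the {secret} secret"))
        if "ca_cert" in params and params.get("url", "").startswith("http://"):
            findings.append((name, "url", "ca_cert has no effect on an http:// URL"))
    return findings

# Constructed sample inputs, modelled on the examples on this page.
PLAINTEXT = """\
pipeline:
  clair:
    image: jmccann/drone-clair:1
    url: http://clair.company.com
    username: johndoe
    password: mysecret
    scan_image: python:2.7
    ca_cert: |
      -----BEGIN CERTIFICATE-----
      MII...
      -----END CERTIFICATE-----
"""
WITH_SECRETS = PLAINTEXT.replace("    username: johndoe\n    password: mysecret\n", "") \
                        .replace("http://", "https://")
```

Calling `lint()` on the text of a `.drone.yml` in a pre-commit hook or a review job returns an empty list when no plaintext credentials are present in the Clair step.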
# Secret Reference
DOCKER_USERNAME
: paired with `username` - The username to authenticate to the docker registry with

DOCKER_PASSWORD
: paired with `password` - The password to authenticate to the docker registry with

CLAIR_URL
: paired with `url` - Clair server URL

CLAIR_CA_CERT
: paired with `ca_cert` - The CA Cert to verify https with

# Parameter Reference
url
: Clair server URL

username
: Docker Registry username to download the `scan_image` from

password
: Docker Registry password to download the `scan_image` from

scan_image
: The docker image to scan. Supports Docker Hub or private repos.

ca_cert
: The CA Cert to verify https with