
date: 2016-01-01T00:00:00+00:00
title: Clair
author: jmccann
tags: docker, security
repo: jmccann/drone-clair
logo: clair.svg
image: jmccann/drone-clair

The Clair plugin submits your Docker image to your Clair server, which scans it for security vulnerabilities.

The following pipeline configuration demonstrates simple usage:

pipeline:
  clair:
    image: jmccann/drone-clair:1
    url: http://clair.company.com
    username: johndoe
    password: mysecret
    scan_image: python:2.7

To verify HTTPS/SSL connections against a different CA certificate, use ca_cert:

pipeline:
  clair:
    image: jmccann/drone-clair:1
    url: http://clair.company.com
    username: johndoe
    password: mysecret
    scan_image: python:2.7
+   ca_cert: |
+     -----BEGIN CERTIFICATE-----
+     MII...
+     -----END CERTIFICATE-----

Secrets

The Clair plugin supports reading credentials from the Drone secret store. This is strongly recommended instead of storing credentials in the pipeline configuration in plain text.

pipeline:
  clair:
    image: jmccann/drone-clair:1
    url: http://clair.company.com
-   username: johndoe
-   password: mysecret
    scan_image: python:2.7

The username and password YAML attributes above can be replaced with the DOCKER_USERNAME and DOCKER_PASSWORD secret environment variables. Please see the Drone documentation to learn more about secrets.
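A check that a CI gate could run over a pipeline file, flagging two misconfigurations tied to this page: credentials left in plain text, and a ca_cert paired with an http:// url (no TLS handshake happens there, so the certificate is never used). This is an added example, not part of the plugin or its documentation; the function names are illustrative, and the line-based reader assumes the 2-space layout shown above.

```python
import re

PLUGIN_IMAGE = "jmccann/drone-clair"  # plugin image named on this page
SECRET_FOR = {"username": "DOCKER_USERNAME", "password": "DOCKER_PASSWORD"}
KEY_LINE = re.compile(r"^( *)([A-Za-z_][\w-]*):\s*(.*)$")

def read_steps(drone_yml):
    """Minimal reader (not a YAML parser): steps at indent 2, attributes at 4."""
    steps, current, in_pipeline = {}, None, False
    for raw in drone_yml.splitlines():
        m = KEY_LINE.match(raw.split(" #", 1)[0].rstrip())
        if not m:
            continue  # blank lines, comments, certificate body lines
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if indent == 0:
            in_pipeline, current = key == "pipeline", None
        elif indent == 2 and in_pipeline:
            current = steps.setdefault(key, {})
        elif indent == 4 and current is not None:
            current[key] = value.strip("'\"")
    return steps

def lint_clair_steps(drone_yml):
    """Return one finding string per problem in steps that run the plugin."""
    findings = []
    for name, cfg in read_steps(drone_yml).items():
        if not cfg.get("image", "").startswith(PLUGIN_IMAGE):
            continue
        for key, secret in SECRET_FOR.items():
            if cfg.get(key):
                findings.append(f"{name}: plain-text {key}, use the {secret} secret")
        if "ca_cert" in cfg and cfg.get("url", "").startswith("http://"):
            findings.append(f"{name}: ca_cert is set but url is http://, so it is never used")
    return findings

# Constructed sample, assembled from the configurations shown on this page.
SAMPLE = """\
pipeline:
  clair:
    image: jmccann/drone-clair:1
    url: http://clair.company.com
    username: johndoe
    password: mysecret
    scan_image: python:2.7
    ca_cert: |
      -----BEGIN CERTIFICATE-----
      MII...
      -----END CERTIFICATE-----
"""
```

Calling lint_clair_steps(SAMPLE) returns three findings; a step that takes its credentials from the secret store and uses an https:// url returns none.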

Secret Reference

DOCKER_USERNAME
paired with username - The username used to authenticate to the Docker registry
DOCKER_PASSWORD
paired with password - The password used to authenticate to the Docker registry
CLAIR_URL
paired with url - Clair server URL
CLAIR_CA_CERT
paired with ca_cert - The CA certificate used to verify HTTPS connections

Parameter Reference

url
Clair server URL
username
Docker registry username used to download the scan_image
password
Docker registry password used to download the scan_image
scan_image
The Docker image to scan. Supports Docker Hub or private repos.
ca_cert
The CA certificate used to verify HTTPS connections