Sysdig Documentation

Integrate Image Scanning into Development Pipeline

You can use image scanning as part of your development pipeline to check for best practices, vulnerabilities, and sensitive content.

Integrate with Jenkins

Sysdig has a plugin to integrate Sysdig image scanning into a Jenkins-based build process.

Install and Configure the Jenkins Plugin

The Sysdig Secure Jenkins Plugin documentation (at jenkins.io) describes:

  • Prerequisites
  • Obtaining the plugin
  • Necessary system configuration steps in the Jenkins UI
  • Adding Sysdig Secure Image Scanning as a build step (in the Jenkins UI)
  • Configuring the actions to take on scanned builds (e.g. when to fail a build or issue a warning)

Obtain Scan Results in Jenkins

The Sysdig plugin generates a scan report, which is listed in the Jenkins build list.

Click on the Sysdig Scanning Report to view the summary information and a list of policy checks and results.

Additional Solutions for Other CI/CD Tools

Sysdig has also developed reference code for integrating into the build process using other CI/CD tools, such as Bamboo or GitLab.

These are not fully supported plugins, but rather examples and articles from which to build. They may be promoted as part of SysdigLabs.

This blog describes an integration solution with Atlassian Bamboo.