Jenkins Freestyle project

Jenkins Freestyle projects let you create general-purpose build jobs with maximum flexibility.

Setting up a Freestyle project

Create a test Freestyle project that builds a Docker image and then scans it for vulnerability and compliance issues.
  1. Go to the Jenkins top page.
  2. Create a new project.
    1. Click New Item.
    2. In Enter an item name, enter a name for your project.
    3. Select Freestyle project.
    4. Click OK.
  3. Add a build step.
    1. Scroll down to the Build section.
    2. In the Add build step drop-down list, select Execute shell.
    3. In the Command text box, enter the following:
      # Write a minimal two-line Dockerfile into the job workspace
      echo "Creating Dockerfile..."
      echo "FROM ubuntu:latest" > Dockerfile
      echo 'CMD ["/bin/bash", "-c", "sleep 240"]' >> Dockerfile
      # Build without the layer cache so every run produces a fresh image
      docker build --no-cache -t dev/ubun2:test .
  4. Add a build step that scans the container images for vulnerabilities.
    1. In the Add build step drop-down list, select Scan Prisma Cloud Images.
    2. Choose an action to take if the image contains packages with vulnerabilities.
      Select a severity threshold (Low, Medium, High) to fail the build if a vulnerability is found. Or select Never fail, only warn to allow the complete build process to proceed even if a vulnerability is found.
    3. Check Only fail builds when a vendor fix is available to ignore any vulnerabilities that do not have a fix. For example, if you select a threshold of High, and a package with a high severity vulnerability is found, but no fix is available in an updated package, the build will not be failed.
    4. Choose an action to take if the image has compliance issues.
      Select a severity threshold (Low, Medium, High) to configure the build to fail if a compliance issue is found. For more information about how checks are scored, see CIS benchmarks.
      Select Never fail, only warn to allow the build process to complete even if there are compliance issues.
    5. In the Grace period field, specify an interval (in days) from when a vulnerability is discovered until when the threshold action is enforced.
      This mechanism eliminates the need for admins to temporarily whitelist a CVE and manually maintain a list of exemptions. Instead, you can automatically grant your development teams time to schedule and implement a fix.
    6. In the Image field, select the image to scan by specifying the repository and tag. You can use pattern matching expressions.
      For example, enter:
      myimage:1.0
      If the image you want to scan is created outside of this build, or if you want to scan the image on every build, even if the build might not generate a new image, then click Advanced, and select Ignore image creation time.
  5. Add a post-build action so that image scan results can be viewed in a Jenkins dashboard.
    1. Scroll down to Post-build Actions.
    2. In the Add post-build action dropdown menu, select Publish Prisma Cloud analysis results.
    3. In the Image field, select the image to report. You can use pattern matching expressions.
      For example, enter:
      myimage:1.0
  6. Click Save to save your project configuration.
  7. Click Build Now to start a build.
  8. After the build completes, examine the results. Scan reports are available in the following locations:
    • Prisma Cloud Console: Log into Console, and go to Monitor > Vulnerabilities > Jenkins Jobs.
    • Jenkins: Drill down into the build job, then click Vulnerabilities to see a detailed report.
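
The vulnerability settings in step 4 (severity threshold, Only fail builds when a vendor fix is available, and Grace period) combine into one decision per finding. The model below is an added example, not Prisma Cloud's own code: the Finding record, the order of the checks, and the grace-period boundary (enforced once the full interval has elapsed) are assumptions, and the findings are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

SEVERITY = {"low": 1, "medium": 2, "high": 3}  # the three levels named on this page

@dataclass
class Finding:                 # hypothetical record, not the plugin's report schema
    ident: str                 # constructed placeholder id
    severity: str
    fix_available: bool
    discovered: date

@dataclass
class Gate:
    threshold: Optional[str]   # None models "Never fail, only warn"
    only_with_fix: bool = False
    grace_days: int = 0

def evaluate(gate, findings, today):
    """Map each finding id to 'fail' or to the reason it only warns."""
    decisions = {}
    for f in findings:
        if gate.threshold is None:
            decisions[f.ident] = "warn: never fail"
        elif SEVERITY[f.severity] < SEVERITY[gate.threshold]:
            decisions[f.ident] = "warn: below threshold"
        elif gate.only_with_fix and not f.fix_available:
            decisions[f.ident] = "warn: no vendor fix"
        elif today < f.discovered + timedelta(days=gate.grace_days):
            decisions[f.ident] = "warn: in grace period"  # assumed boundary
        else:
            decisions[f.ident] = "fail"
    return decisions

def build_fails(decisions):
    return "fail" in decisions.values()

# Constructed sample findings, evaluated as of a constructed build date.
TODAY = date(2024, 6, 30)
SAMPLE = [
    Finding("EXAMPLE-A", "high", True, date(2024, 5, 1)),
    Finding("EXAMPLE-B", "high", False, date(2024, 5, 1)),
    Finding("EXAMPLE-C", "high", True, date(2024, 6, 20)),
    Finding("EXAMPLE-D", "low", True, date(2024, 1, 1)),
]

if __name__ == "__main__":
    result = evaluate(Gate("high", only_with_fix=True, grace_days=30), SAMPLE, TODAY)
    for ident, decision in result.items():
        print(ident, decision)
    print("build fails:", build_fails(result))
```

With a High threshold, the vendor-fix option checked, and a 30-day grace period, only the first sample finding fails the build; the other three are reported as warnings for different reasons.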
