Jenkins Freestyle project
Jenkins Freestyle projects let you create general-purpose build jobs with maximum flexibility.
Setting up a Freestyle project for container images
Create a Freestyle project that builds a Docker image and then scans it for vulnerability and compliance issues.
- Go to the Jenkins top page.
- Create a new project.
- ClickNew Item.
- InEnter an item name, enter a name for your project.
- SelectFreestyle project.
- Add a build step.
- Scroll down to theBuildsection.
- In theAdd build stepdrop-down list, selectExecute shell.
- In theCommandtext box, enter the following:echo "Creating Dockerfile..." echo "FROM imiell/bad-dockerfile:latest" > Dockerfile docker build --no-cache -t test/test-image:0.1 .
- Add a build step that scans the container image(s) for vulnerabilities.
- In theAdd build stepdrop-down list, selectScan Prisma Cloud Images.
- In theImagefield, select the image to scan by specifying the repository and tag.Use pattern matching expressions. For example, enter test/test-image*.Select the followingAdvanced settingsfor specific scenarios.
- SelectIgnore image creation time.
- To scan an image created outside of this build.
- To scan the image every build, even if the build might doesn’t generate an new image.
- SelectScan the image every build, even if it hasn’t changed since the last build
- To avoid errors after the first time you create the Docker image.
- Add a post-build action to publish the scan results in Jenkins directly.This post-build step depends on a file generated by the previous scan build step, which holds the scan results. This step specifically makes the results available for review in the Jenkins build tool. Note that the previous scan step already published the results in Console, and they’re ready to be reviewed there.
- Scroll down toPost-build Actions.
- In theAdd post-build actiondrop-down menu, selectPublish Prisma Cloud analysis results.
- InScan Result Files, accept the default.Scan result files aren’t deleted by the publish step. They stay in the workspace.
- ClickBuild Now.
- After the build completes, examine the results. Scan reports are available in the following locations:
- Prisma Cloud Console: Log into Console, and go toMonitor > Vulnerabilities > Images > CI.
- Jenkins: Drill down into the build job, then clickImage Vulnerabilitiesto see a detailed report.
Setting up a Freestyle project for serverless functions
The procedure for setting up Jenkins to scan serverless functions is similar to the procedure for container images, except you should use the
Scan Prisma Cloud Functionsbuild step.
- Function Path— Path to the ZIP archive of the function to scan.
- Function Name— (Optional) String identifier for matching policy rules in Console with the functions being scanned. When creating policy rules in Console, you can target specific rules to specific functions by function name. If this field is left unspecified, the plugin matches the function to the first rule where the function name is a wildcard.
- AWS CloudFormation template file— (Optional) Path to CloudFormation template file in either JSON or YAML format. Prisma Cloud scans the function source code for AWS service APIs being used, compares the APIs being used to the function permissions, and reports when functions have permissions for APIs they don’t need.