Prisma Cloud Administrator’s Guide (Compute)
    : Jenkins Maven project
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Administrator’s Guide (Compute)
    5. Continuous integration
    6. Jenkins Maven project
    Download PDF

    Prisma Cloud Administrator’s Guide (Compute)

    Jenkins Maven project

    Table of Contents

    Jenkins Maven project

    Create a Maven project that builds a Docker image and then scans it for vulnerability and compliance issues.

    Configuring Maven

    Configure Maven.
    1. Go to the Jenkins top page.
    2. Click Manage Jenkins.
    3. Select Global Tool Configuration.
    4. Scroll down to the Maven section (Not Maven Configuration), and click Add Maven.

    Setting up a Maven project for container images

    Set up a Jenkins Maven project.
    1. Go to the Jenkins top page.
    2. Create a new project.
      1. Click
        New Item
        .
      2. In
        Item
         name, enter a name for your project.
      3. Select
        Maven project
        .
      4. Click
        OK
        .
    3. Add a build step.
      1. Scroll down to the
        Pre steps
         section.
      2. In the
        Add pre-build step
         drop-down list, select
        Execute shell
        .
      3. In the
        Command
         text box, enter the following:
        echo "Creating Dockerfile..."
echo "FROM imiell/bad-dockerfile:latest" > Dockerfile
echo 'docker build --no-cache -t test/test-image:0.1 .' > build_image.sh
chmod +x build_image.sh

echo "Creating POM file..."
cat > pom.xml << EOF
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>groupId</groupId>
  <artifactId>artifactid</artifactId>
  <version>1.0-SNAPSHOT</version>
  <packaging>jar</packaging>
  <name>projectName</name>
  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  </properties>
  <build>

    <plugins>
      <plugin>
        <artifactId>exec-maven-plugin</artifactId>
        <groupId>org.codehaus.mojo</groupId>
        <executions>
          <execution>
            <id>Build Image</id>
            <phase>generate-sources</phase>
            <goals>
              <goal>exec</goal>
            </goals>
            <configuration>
              <executable>build_image.sh</executable>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
EOF
    4. Add a build step that scans the container image(s) for vulnerabilities.
      1. In the
        Add build step
         drop-down list, select
        Scan Prisma Cloud Images
        .
      2. In the
        Image
         field, select the image to scan by specifying the repository and tag.
        If the image you want to scan is created outside of this build, or if you want to scan the image every build, even if the build might not generate an new image, then click
        Advanced
        , and select
        Ignore image creation time
        .
    5. Add a post-build action so that image scan results in Jenkins directly.
      This post-build step depends on a file generated by the previous scan build step, which holds the scan results. This step specifically makes the results available for review in the Jenkins build tool. Note that the previous scan step already published the results in Console, and they’re ready to be reviewed there.
      1. Scroll down to
        Post-build Actions
        .
      2. In the
        Add post-build action
         drop-down menu, select
        Publish Prisma Cloud analysis results
        .
      3. In the
        Scan Result Files
         field, accept the default.
        Scan result files aren’t deleted by the publish step. They stay in the workspace.
    6. Click
      Save
      .
    7. Click
      Build Now
      .
    8. After the build completes, examine the results. Scan reports are available in the following locations:
      • Prisma Cloud Console: Log into Console, and go to
        Monitor > Vulnerabilities > Images > CI
        .
      • Jenkins: Drill down into the build job, then click
        Image Vulnerabilities
         to see a detailed report.

    Setting up a Maven project for serverless functions

    The procedure for setting up Jenkins to scan serverless functions is similar to the procedure for container images, except you should use the
    Scan Prisma Cloud Functions
     build step.
    Where:
    • Function Path
       — Path to the ZIP archive of the function to scan.
    • Function Name
       — (Optional) String identifier for matching policy rules in Console with the functions being scanned. When creating policy rules in Console, you can target specific rules to specific functions by function name. If this field is left unspecified, the plugin matches the function to the first rule where the function name is a wildcard.
    • AWS CloudFormation template file
       — (Optional) Path to CloudFormation template file in either JSON or YAML format. Prisma Cloud scans the function source code for AWS service APIs being used, compares the APIs being used to the function permissions, and reports when functions have permissions for APIs they don’t need.
    After a build completes, you can view the scan reports in the following locations:
    • Prisma Cloud Console: Log into Console, and go to
      Monitor > Vulnerabilities > Functions > CI
      .
    • Jenkins: Drill down into the build job, then click
      Vulnerabilities
       to see a detailed report.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.