[英]Google Artifact Registry and Jenkins: prevent deploy containers with high or critical vulnerabilities
I have a Jenkins Pipeline that is building a container image and is pushing it to Google Artifact Registry successfully.我有一个 Jenkins 管道正在构建容器映像并将其成功推送到 Google Artifact Registry。 I have another job that takes the image tag and can deploy it into the K8s cluster, but for security reasons I need to include in my pipeline a step that reviews the vulnerabilities from the artifact registry scan and prevent the deployment if there are high or critical vulnerabilities, what would be the best option for accomplish with it?
我有另一个工作需要图像标记并将其部署到 K8s 集群中,但出于安全原因,我需要在我的管道中包含一个步骤,该步骤检查来自工件注册表扫描的漏洞,并在存在高或严重的情况下阻止部署漏洞,用它完成的最佳选择是什么?
I solved it with the use of SDK: https://cloud.google.com/sdk/gcloud/reference/artifacts/docker/images/describe我使用 SDK 解决了这个问题: https://cloud.google.com/sdk/gcloud/reference/artifacts/docker/images/describe
Just used: gcloud artifacts docker images describe IMAGE --show-package-vulnerability刚刚用过:gcloud artifacts docker images describe IMAGE --show-package-vulnerability
Note that the service account we are using in jenkins should get the appropriate permissions.请注意,我们在 jenkins 中使用的服务帐户应该获得适当的权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.