Hello guys,
I'm currently running anchore-scan pipe (0.2.15) to scan docker images, with the default pipe policy, so is there a way to break the pipeline if the report shows vulnerabilities ?
My pipeline definition is a step with these commands :
- docker build
- anchore-scan pipe
- docker push
For example i'm running a scan to a custom docker image, it founds 2 High vulnerabilities, so i want to break the pipeline, fix the vulnerabilities a then running one again.
Thanks,
@Eric Fiegehen sure, there is a way, you can execute bash code according to your needs.
But if it fails, why you'd like to push?
It is not recommended, but you can check $status and exit 0 even if there are vulnerabilties and make the report in after-script or before.
Also, if you have questions precisely about anchore, you have to contact the maintainer of the pipe, which you can find in pipe.yml file of the pipe
Regards, Galyna
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.