I'm currently running anchore-scan pipe (0.2.15) to scan docker images, with the default pipe policy, so is there a way to break the pipeline if the report shows vulnerabilities ?
My pipeline definition is a step with these commands :
- docker build
- anchore-scan pipe
- docker push
For example i'm running a scan to a custom docker image, it founds 2 High vulnerabilities, so i want to break the pipeline, fix the vulnerabilities a then running one again.
@Eric Fiegehen sure, there is a way, you can execute bash code according to your needs.
But if it fails, why you'd like to push?
It is not recommended, but you can check $status and exit 0 even if there are vulnerabilties and make the report in after-script or before.
Also, if you have questions precisely about anchore, you have to contact the maintainer of the pipe, which you can find in pipe.yml file of the pipe
Hi everyone, Are you Bitbucket DC customer? If so, we'd love to talk to you! Our team wants to dive deep to understand your long-term plans regarding Bitbucket DC and Atlassian Cloud. Do you plan...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events