Clair
The example YAML configurations in this file use the legacy 0.8 syntax. If you are using Drone 1.0 or Drone Cloud, please ensure you use the appropriate 1.0 syntax.
The Clair plugin submits your Docker image to your Clair server to scan it for security vulnerabilities.
The pipeline configuration below demonstrates simple usage:
pipeline:
  clair:
    image: jmccann/drone-clair:1
    url: http://clair.company.com
    username: johndoe
    password: mysecret
    scan_image: python:2.7
To verify HTTPS/SSL connections with a different CA certificate, use ca_cert:
pipeline:
  clair:
    image: jmccann/drone-clair:1
    url: http://clair.company.com
    username: johndoe
    password: mysecret
    scan_image: python:2.7
+   ca_cert: |
+     -----BEGIN CERTIFICATE-----
+     MII...
+     -----END CERTIFICATE-----
Secrets
Instead of configuring sensitive information in your .drone.yml file in plain text, you can use Drone secrets and substitute the values at runtime using string replacement.
Please see the Drone documentation to learn more about secrets.
pipeline:
  clair:
    image: jmccann/drone-clair:1
    url: http://clair.company.com
-   username: johndoe
-   password: mysecret
+   username: ${DOCKER_USERNAME}
+   password: ${DOCKER_PASSWORD}
    scan_image: python:2.7
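A repository check for the two points above, added here as an example (it is not part of the plugin or its documentation): it flags clair steps whose username or password is a literal instead of a ${VAR} reference, and steps that set ca_cert while url is not https. The line-based reader, the function names and the sample file are constructed for illustration and assume the 0.8 layout shown on this page.

```python
import re

KEY_RE = re.compile(r"^( *)([A-Za-z_][\w-]*):\s*(.*)$")
SECRET_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")

def parse_steps(text):
    """Minimal reader for the 0.8 layout: pipeline -> step -> key: value."""
    steps, current, step_indent, in_pipeline = {}, None, None, False
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if not m:
            continue  # blank lines, comments, block-scalar bodies (certificate text)
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        if indent == 0:
            in_pipeline, step_indent, current = (key == "pipeline"), None, None
        elif in_pipeline:
            if step_indent is None:
                step_indent = indent  # first nested key fixes the step level
            if indent == step_indent:
                current = steps.setdefault(key, {})
            elif current is not None:
                current[key] = value.strip("'\"")
    return steps

def audit_clair_steps(text):
    """Return (step, key, issue) tuples for steps using the drone-clair image."""
    findings = []
    for name, cfg in parse_steps(text).items():
        if not cfg.get("image", "").startswith("jmccann/drone-clair"):
            continue
        for key in ("username", "password"):
            if key in cfg and not SECRET_REF.match(cfg[key]):
                findings.append((name, key, "literal credential in .drone.yml"))
        if "ca_cert" in cfg and not cfg.get("url", "").startswith("https://"):
            findings.append((name, "url", "ca_cert is set but url is not https"))
    return findings

# Constructed sample: one literal username, one secret reference, http url with ca_cert.
SAMPLE = """\
pipeline:
  clair:
    image: jmccann/drone-clair:1
    url: http://clair.company.com
    username: johndoe
    password: ${DOCKER_PASSWORD}
    ca_cert: |
      MII...
"""
if __name__ == "__main__":
    print(*audit_clair_steps(SAMPLE), sep="\n")
```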
Parameter Reference
- url
- Clair server URL
- username
- Docker Registry username to download the scan_image from
- password
- Docker Registry password to download the scan_image from
- scan_image
- The docker image to scan. Supports Docker Hub or private repos.
- ca_cert
- The CA Cert to verify https with