Sysdig Secure Image Scanning


Daniel Moloney - Sysdig

Scan images with Sysdig Secure as part of your development pipeline.
This extension is now unpublished from Marketplace. You can choose to uninstall it.

Important Support Information

Notwithstanding anything that may be contained to the contrary in your agreement(s) with Sysdig, Sysdig provides no support, and no warranty or guarantee of any kind with respect to these script(s), including as to their functionality or their ability to work in your environment(s). Sysdig disclaims all liability and responsibility with respect to any use of these scripts.

Sysdig Secure Task Extension for Azure DevOps Pipelines

Sysdig Secure is part of Sysdig’s container intelligence platform. Sysdig uses a unified platform to deliver security, monitoring, and forensics in a cloud, container and microservices-friendly architecture integrated with Docker and Kubernetes. Sysdig Secure takes a services-aware approach to protect workloads while bringing deep cloud and container visibility, posture management (compliance, benchmarks, CIEM), vulnerability scanning, forensics and threat detection and blocking.

This extension provides integration with Sysdig Secure to scan container images within the Azure DevOps pipeline.

Pre-requisites

You will require a valid Sysdig Secure API token.

Task usage

Default behaviour

By default, the task will simply scan a local image using Sysdig Vulnerability Management Engine (https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/pipeline).

The task will output the known vulnerabilities and overall policy results of the image scan as well as send the reports to Sysdig Secure for detailed review.

Under default behavior, the pipeline will not fail when the container fails the policies defined in Sysdig Secure.

Example yaml:

- task: Sysdig@1
  displayName: Sysdig Vulnerability Management Engine
  inputs:
    apikey: '$(secureApiKey)'
    image: '$(imageName):$(tags)'

Failing the pipeline

To fail the pipeline when the Sysdig Secure scan returns a fail result, set the failBuild option to true.

Example yaml:

- task: Sysdig@1
  displayName: Sysdig Vulnerability Management Engine
  inputs:
    apikey: '$(secureApiKey)'
    image: '$(imageName):$(tag)'
    failBuild: true

Policy Evaluation

To explicitly evaluate one or more policies, use the scanPolicy option and provide a comma-separated list of policy names.

Example yaml:

- task: Sysdig@1
  displayName: Sysdig Vulnerability Management Engine
  inputs:
    apikey: '$(secureApiKey)'
    image: '$(imageName):$(tag)'
    scanPolicy: 'best-practice-policy'

Using a Web Proxy

To use the extension from behind a proxy, ensure your agents have been configured according to the following: https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/proxy?view=azure-devops&tabs=unix

Then configure the extension to use these settings by setting the useProxy option to true.

Example yaml:

- task: Sysdig@1
  displayName: Sysdig Vulnerability Management Engine
  inputs:
    apikey: '$(secureApiKey)'
    image: '$(imageName):$(tag)'
    useProxy: true

Example azure-pipelines.yaml

The following is an example of a local image build that integrates with Sysdig Secure to scan the image. It also fails the build if the Sysdig Secure policy scan returns a fail result.

pool:
  vmImage: 'ubuntu-latest'

variables:
  imageName: 'docker.io/sysdigdan/dummy-vuln-app'
  tags: |
    latest
steps:
- bash: echo "Hello World"

- task: Docker@2
  displayName: Build image
  inputs:
    repository: $(imageName)
    command: build
    tags: $(tags)

- task: Sysdig@1
  displayName: Sysdig Vulnerability Management Engine
  inputs:
    apikey: '$(secureApiKey)'
    image: '$(imageName):$(tags)'
    failBuild: true

Legacy Image Scanning Engine

As of April 20, 2022, Sysdig offers both a Legacy Scanner engine and the newer Vulnerability Management engine which is used by default. (https://docs.sysdig.com/en/docs/sysdig-secure/scanning/new-scanning-engine/)

In order to use the Legacy Image Scanning Engine in your pipeline, set the legacyScanning option to true.

- task: Sysdig@1
  displayName: Legacy Sysdig Image Scanning Engine
  inputs:
    apikey: '$(secureApiKey)'
    image: '$(imageName):$(tag)'
    failBuild: true
    skipTLS: true
    verbose: true
    legacyScanning: true
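
Because the default behaviour does not fail the pipeline and the legacy example sets skipTLS, it can be useful to check pipeline definitions for Sysdig@1 steps that do not gate the build. The following Python check is an added example, not part of the extension or its documentation; the function names and sample pipeline are constructed, and it assumes that skipTLS disables TLS certificate verification and that the API key should always be passed as a $(variable) reference, as in the examples above.

```python
import re

# Constructed sample pipeline for this example (not taken from the page).
SAMPLE = """\
steps:
- task: Docker@2
  inputs:
    command: build
- task: Sysdig@1
  displayName: Ungated scan
  inputs:
    apikey: 'abcd-1234-constructed'
    image: '$(imageName):$(tags)'
    skipTLS: true
- task: Sysdig@1
  displayName: Gated scan
  inputs:
    apikey: '$(secureApiKey)'
    image: '$(imageName):$(tags)'
    failBuild: true
"""

# One "key: value" scalar per line, optional quotes, no inline comments.
KV = re.compile(r"""(?m)^[ \t]*(\w+):[ \t]*['"]?([^'"\n#]*?)['"]?[ \t]*$""")

def sysdig_steps(text):
    """Yield (displayName, fields) for every Sysdig@1 step in the YAML text."""
    for chunk in re.split(r"(?m)^[ \t]*- ", text)[1:]:  # one chunk per list item
        fields = dict(KV.findall(chunk))
        if fields.get("task") == "Sysdig@1":
            yield fields.get("displayName", "<unnamed>"), fields

def audit(text):
    """Return (step name, finding) pairs for risky Sysdig@1 settings."""
    findings = []
    for name, f in sysdig_steps(text):
        if f.get("failBuild", "").lower() != "true":
            findings.append((name, "failBuild not true: policy failure will not fail the build"))
        if f.get("skipTLS", "").lower() == "true":
            # Assumption: skipTLS turns off TLS certificate verification.
            findings.append((name, "skipTLS enabled"))
        if not re.fullmatch(r"\$\([\w.\-]+\)", f.get("apikey", "")):
            findings.append((name, "apikey is not a $(variable) reference"))
    return findings

if __name__ == "__main__":
    for step, finding in audit(SAMPLE):
        print(f"{step}: {finding}")
```

The parser is line-based and only reads scalar inputs of each step, which is enough for the task inputs shown on this page.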

More Information

For documentation on Sysdig Secure, including policy and capabilities see the Sysdig Secure Documentation
