Azure DevOps
Scan for Vulnerabilities in the Azure DevOps Build Pipeline
The SUSE® Security scanner can be triggered from the Azure DevOps pipeline by using the SUSE® Security extension published in the Azure DevOps Marketplace.

The extension supports both remote and local scanning: the SUSE® Security controller can remotely scan an image in a registry during the build, or a local controller can be started dynamically to scan the image on the Azure agent VM.
In addition, make sure there is a SUSE® Security scanner container deployed and configured to connect to the Allinone or Controller. In 4.0 and later, the neuvector/scanner container must be deployed separately from the Allinone or Controller.
- The "Scan image with SUSE® Security" task integrates the SUSE® Security vulnerability scanner into an Azure DevOps Pipeline.
- Perform vulnerability scans of a container image after the image build, either on an external SUSE® Security controller instance or on a local SUSE® Security controller instance running in a service container inside the pipeline.
- Define thresholds for failing builds based on the number of detected vulnerabilities of different severities.
- Provide a detailed report of an image scan for analysis in the build summary tab.
- External SUSE® Security controller instances are defined as service endpoints to decouple build pipeline definitions from connection parameters and credentials.
An overview with sample screens can be found at https://marketplace.visualstudio.com/items?itemName=NeuVector.neuvector-vsts.