The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Amazon Inspector Scanner

View this plugin on the Plugins site

Amazon Inspector: Amazon Inspector Scan

  • archivePath : String

    Image Id Guidance:

    The image can be local, remote, or archived. Image names should follow the Docker naming convention.

    • Local or remote containers: NAME[:TAG|@DIGEST]
    • Tar file: /path/to/image.tar

    For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

  • artifactPath : String
  • archiveType : String
  • osArch : boolean
  • iamRole : String
  • awsRegion : String
  • credentialId : String

    Used inside the plugin to pull the password from Jenkins' credential store. Only required if the image being scanned is located in a private repository requiring credentials to access.

  • awsProfileName : String
  • awsCredentialId : String

    Optional. Allows you to specify AWS credentials explicitly instead of having them be pulled from your system. If this option is omitted, AWS credentials will be obtained via the default provider chain.

    Credentials must be added to the credential store as the "AWS Credentials" type.

    For more info: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default

  • sbomgenSelection : String

    Automatic (Recommended): Allows the plugin to download the most recently released version of inspector-sbomgen. This ensures you always have the latest features, security updates, and bug fixes. Requires selection of the operating system and CPU architecture in use.

    Manual: Requires a path to a pre-downloaded version of inspector-sbomgen to be supplied.

    For more info: https://docs.aws.amazon.com/inspector/latest/user/sbom-generator.html

  • sbomgenPath : String
  • countCritical : int
  • countHigh : int
  • countMedium : int
  • countLow : int
  • oidcCredentialId : String
  • sbomgenSkipFiles : String

    Specifies a list of one or more files or directories to exclude from scanning. Each file path should be separated with commas, for example: build/, node_modules/, tests/

    For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

  • epssThreshold : double
  • isThresholdEnabled : boolean (optional)

    Specifies whether scanned vulnerabilities exceeding a value will cause a build failure. EPSS scores range from 0-1, enter a value between 0 and 1 (e.g., 0.6).

    For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

  • reportArtifactName : String (optional)

    Specify a custom name for the generated report artifact. This helps uniquely identify and manage reports, especially when building multiple images.

    For more info: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

Was this page helpful?

Please submit your feedback about this page through this quick form.

Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?

    


See existing feedback here.