Added a better example of jenkins with cli (#35)

Author: e-minguez

jenkins/new-scan-engine/Jenkinsfile-jenkins-plugin

@@ -3,6 +3,7 @@ pipeline {
     image = "docker.io/myawesomecompany/myawesomeimage" + ":$BUILD_NUMBER"
     registryCredential = "registry-credentials"
     repository = 'https://github.com/sysdiglabs/secure-inline-scan-examples.git'
+    api_endpoint = 'https://eu1.app.sysdig.com'
     myimage = ''
   }
   agent any
@@ -21,7 +22,7 @@ pipeline {
     }
     stage('Scanning Image') {
         steps {
-            sysdigImageScan engineCredentialsId: 'sysdig-secure-api-token', imageName: "docker://" + image, engineURL: 'https://eu1.app.sysdig.com'
+            sysdigImageScan engineCredentialsId: 'sysdig-secure-api-token', imageName: "docker://" + image, engineURL: api_endpoint
         }
     }
     stage('Deploy Image') {

jenkins/new-scan-engine/Jenkinsfile-sysdig-cli-scanner

@@ -1,18 +1,44 @@
 pipeline {
-    agent any
 
-    stages {
-        stage('Scan image') {
-            steps {
-                withCredentials([usernamePassword(credentialsId: 'sysdig-secure-api-credentials', passwordVariable: 'SECURE_API_TOKEN', usernameVariable: '')]) {
+    parameters { 
+        string(name: 'DOCKER_REPOSITORY', defaultValue: 'sysdigcicd/cronagent', description: 'Name of the image to be built (e.g.: sysdiglabs/dummy-vuln-app)') 
+        string(name: 'GIT_REPOSITORY', defaultValue: 'https://github.com/sysdiglabs/secure-inline-scan-examples.git', description: 'Name of the repository with the Dockerfile to be built (e.g.: https://github.com/sysdiglabs/secure-inline-scan-examples.git)') 
+        string(name: 'SYSDIG_ENDPOINT', defaultValue: 'https://eu1.app.sysdig.com', description: 'The appropriate Sysdig vulnerability scanning endpoint depending on your region, see https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges (e.g.: https://github.com/sysdiglabs/secure-inline-scan-examples.git)') 
+    }
+
+  agent any
+  stages {
+    stage('Cloning Git') {
+      steps {
+        git branch: 'main', url: "${params.GIT_REPOSITORY}"
+      }
+    }
+    stage('Build Image') {
+      steps {
+          sh "docker build -f ./jenkins/new-scan-engine/Dockerfile -t ${DOCKER_REPOSITORY} ./jenkins/new-scan-engine/"
+        }
+    }
+    stage('Scan image') {
+      steps {
+        withCredentials([usernamePassword(credentialsId: 'sysdig-secure-api-token', passwordVariable: 'SECURE_API_TOKEN', usernameVariable: '')]) {
+          sh '''
+            VERSION=$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)
+            curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/${VERSION}/linux/amd64/sysdig-cli-scanner"
+            chmod +x ./sysdig-cli-scanner
+            ./sysdig-cli-scanner --apiurl ${SYSDIG_ENDPOINT} docker://${DOCKER_REPOSITORY}
+            '''
+        }
+      }
+    }
+    stage('Push Image') {
+
+      steps {
+        withCredentials([usernamePassword(credentialsId: 'registry-credentials', passwordVariable: 'password', usernameVariable: 'username')]){
                     sh '''
-                        VERSION=$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)
-                        curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/${VERSION}/linux/amd64/sysdig-cli-scanner"
-                        chmod +x ./sysdig-cli-scanner
-                        ./sysdig-cli-scanner --apiurl https://secure.sysdig.com mongo-express:0.54.0
+                        docker login -u ${username} -p ${password}
+                        docker push ${DOCKER_REPOSITORY}
                     '''
-                }
-            }
-        }
+                }        }
+    }
     }
 }

jenkins/new-scan-engine/README.md

@@ -9,11 +9,11 @@ There are two different approaches if using Jenkins to scan container images for
 
 This [example pipeline](Jenkinsfile-sysdig-cli-scanner) shows how to download and execute the new inline scanner to scan an image.
 
-It requires to configure a Jenkins credential `sysdig-secure-api-credentials` to store the Sysdig Token (as password)
+It requires to configure a Jenkins credential `sysdig-secure-api-token` to store the Sysdig Token (as password)
 
 ![Screenshot of Jenkins UI](https://github.com/jenkinsci/sysdig-secure-plugin/raw/main/docs/images/SysdigTokenConfiguration.png)
 
-Then the scan is performed by downloading the `sysdig-cli-scanner` tool against the `mongo-express:0.54.0` example image.
+Then the scan is performed by downloading the `sysdig-cli-scanner` tool against the example image.
 
 For a more elaborated example, see the [GitHub](../../github/new-scan-engine/README.md) example.
 
@@ -29,5 +29,6 @@ The [example pipeline](Jenkinsfile-jenkins-plugin) shows how to use it to build
 
 Both approaches require a couple of things:
 
-* A valid Sysdig Secure API token
-* Have access to the image storage, either to the local storage where the image was created or to the registry where it is stored.
+* A valid Sysdig Secure API token.
+* Have access to the image storage, either to the local storage where the image was created or to the registry where it is stored.
+* The appropriate Sysdig vulnerability scanning endpoint depending on your region, see [the official documentation](https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges).