Add an Jenkins pipeline example

[blueskyson]

Trivy is really useful in CI/CD but there is no Jenkins integration in the document. I saw #257 requests a Jenkins plugin. Though I don't know how to write a Jenkins Plugin, I wrote an example Jenkins Pipeline that generates and publishes the report in HTML. Maybe I can add this somewhere in the document?

pipeline {
  agent any
  parameters {
    string(name: 'REGISTRY_NAME', defaultValue: '', description: 'Registry Name (Can be empty)')
    string(name: 'IMAGE_NAME', defaultValue: '', description: 'Image Name')
    string(name: 'IMAGE_TAG', defaultValue: '', description: 'Image Tag')
  }
  stages {
    stage('Scan Docker Image') {
      steps {
        script {
          def formatOption = "--format template --template \"@/usr/local/share/trivy/templates/html.tpl\""
          def imageFullName = null
          if (params.REGISTRY_NAME == '') {
            imageFullName = "$IMAGE_NAME:$IMAGE_TAG"
          } else {
            imageFullName = "$REGISTRY_NAME/$IMAGE_NAME:$IMAGE_TAG"
          }
          sh """
            trivy image $imageFullName $formatOption --timeout 10m --output report.html || true
          """
        }

        publishHTML(target: [
          allowMissing: true,
          alwaysLinkToLastBuild: false,
          keepAll: true,
          reportDir: ".",
          reportFiles: "report.html",
          reportName: "Trivy Report",
        ])
      }
    }
  }
}

Screen shots of this example pipeline:

[AnaisUrlichs]

Hi there, sorry, I didn't see this before. I changed the discussion topic from "Show and Tell" to development.
It's great.

There are two ways that we could add this to the docs (also dependent on how much you want to be involved in updates, changes, etc.) -- you can do either of them or both of them, I would suggest both of them :)

1. You could create a repository on your GitHub account that says "trivy-jenkins" or something like that, with a README and the resources you shared above.
   Next, you can add that repo as a community project here: https://aquasecurity.github.io/trivy/v0.38/ecosystem/cicd/
2. You can also add the resource here: https://aquasecurity.github.io/trivy/v0.38/tutorials/integrations/
   either directly the resource, like done for CircleCI or you reference your repository https://aquasecurity.github.io/trivy/v0.38/tutorials/integrations/circleci/ -- however, here it would be great if you describe the steps for people to use your Jenkins plugin, similar to how you would describe it in your README if you are not doing step 1

Please let me know if I can help with anything :)

[blueskyson]

Thanks, I may implement the second suggestion soon.

[umaromk]

can we have something like , if the severity is high then jenkins job should fail

[mcouillard]

Yes, you can fail a job by adding these parameters: --exit-code 1 --severity HIGH,CRITICAL

[Jeansen]

I like the above suggestion. Works like a charm given one has also set a resource location in Jenkins so CSP works fine. Otherwise the report looks quite ugly ....