Security features
Secure Coding
Jenkins X has direct support for some security analysis.
Anchore image scanning
The Anchore Engine provides image security by examining the contents of containers, either in the pull request/review state or while they are running.
This was introduced in this blog post. Here is a video demonstrating it live.
    jx create addon anchore
To see if it found any problems in a specific environment:
    jx get cve --environment=staging
OWASP ZAP
ZAP (Zed Attack Proxy) lets you scan the public surface of your application for known vulnerabilities.
    jx create addon owasp-zap