Security features

Secure Coding

Jenkins X has direct support for some security analysis.

Anchore image scanning

The Anchore Engine provides image security by examining the contents of containers, either while they are in a pull request/review state or while they are running.

This was introduced in this blog post. Here is a video demonstrating it live.

jx create addon anchore

To see if it found any problems in a specific environment:

jx get cve --environment=staging

OWASP ZAP

ZAP (Zed Attack Proxy) lets you scan the public surface of your application for known vulnerabilities.

jx create addon owasp-zap