Skip to content

The Google Analyze Code Security plugin for Jenkins identifies insecure configurations in Infrastructure as Code (IaC) files for Google Cloud resources

License

Notifications You must be signed in to change notification settings

jenkinsci/google-analyze-code-security-plugin

Repository files navigation

Jenkins Google Analyze Code Security Plugin

Description

The Google Analyze Code Security plugin for Jenkins identifies insecure configurations in Infrastructure as Code (IaC) files for Google Cloud resources. This plugin requires Terraform plan files in JSON format for scanning.

Use this plugin to detect and remediate issues in IaC files for Google Cloud before you deploy the resources.

This plugin lets you:

  • Scan IaC template files (such as Terraform plan files).
  • Display issues with their severity as a HTML Report in the Jenkins console after a scan completes.
  • Define severity-based failure criteria for passing or failing the build.

Note : This is a Security Command Center Premium tier offering for subscription customers only. You must activate the Security Command Center Premium tier in the Google Cloud organization to use this feature.

Documentation

For more information, see the Google Analyze Code Security Plugin usage documentation.

Installation

  1. In the Jenkins console, click Manage Jenkins > Manage Plugins.
  2. (Optional) To verify that the plugin manager has updated data, click Check now.
  3. In the Plugin Manager, click the Available tab and look for Google Analyze Code Security.
  4. Select the box in the Install column and click Install without restart.
  5. If the plugin doesn’t appear as Available, make sure it appears under Installed and is enabled.

Plugin Source Build Installation

To build and install the plugin from source files, see Plugin Source Build Installation.

Feature Requests and Bug Reports

For feature requests and bug reports, file a GitHub issue.

Community

To access the Google Cloud community on Jenkins, use the #gcp-jenkins Slack channel on https://googlecloud-community.slack.com. You can use this channel to ask questions and share feedback. For an invitation link, see gcp-slack.

License

See LICENSE

Contributing

See CONTRIBUTING.md

About

The Google Analyze Code Security plugin for Jenkins identifies insecure configurations in Infrastructure as Code (IaC) files for Google Cloud resources

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •