From version 1.6.2.3 onwards, Qualys Container Scanning Connector for Bamboo will support,
1. Execution of the Qualys task from Plan Branches
2. Using Qualys task in Bamboo spec with YAML along with the Bamboo classic pipeline
From version 1.6.2.3 onwards, Qualys Container Scanning Connector for Bamboo will support,
1. Execution of the Qualys task from Plan Branches
2. Using Qualys task in Bamboo spec with YAML along with the Bamboo classic pipeline
Bug Fixes and Improvements
1. Fetched scan results are now filtered by 'lastScanned' of the image
2. Plugin will now verify if Qualys sensor is running or not and whether it is installed in 'CICD' mode.
3. In a scenario when multiple images are configured and build timeout is reached for few images without receiving any scan data, the plugin will generate scan results for the images for which it has received scan data before timeout.
4. Plugin is now using v1.3 of CS APIs
5. Miscellaneous Bug fixes
1. We now support latest Bamboo server versions: v6.10.5 and v7.0.3.
2.We now support Qualys Gateway APIs for API requests.
3. You can now use regular expressions for defining search pattern in the “Fail with any of these Softwares” condition.
4. On the Scan Report page, in the report header, we added a new field “Scan Report” that will show a link that you can click to view the image summary on Qualys Portal.
5. The plugin API request for fetching the container images data will fail if it is unable to find a container image for tagging and respective images details in your account on Qualys Portal.
6. The CS Reports tab will be visible only if the step 'Scan Container Images with Qualys CS' is added and successful scan results are generated by the Qualys Container Scanning Connector for Bamboo.
You can now install the Docker image Vulnerability Analysis Plugin for Bamboo on 6.10.X Bamboo Server versions:- 6.10.4, 6.10.3, 6.10.2
1. You can now provide CVSSv2 or CVSSv3 base scores as criteria to fail a docker image build. The build will be evaluated against the CVSS scores and will fail if vulnerabilities are found with CVSS scores greater than or equal to the specified score.
2. The test connection API used to check Bamboo Plugin connectivity to Qualys has been updated.
1. Scan Images By Name - Docker Image(s) name can be given as input to plugin now. Yet the older functionality of image Ids is still supported.
2. Major Enhancement : Continue polling API even when plugin gets HTTP 5xx from server
1.4.3.0:
1.4.2.0