
Best practice guide: How to integrate Lynis into a CI/CD pipeline?

Open snooops opened this issue 2 years ago • 1 comments

Hi,

TL;DR: Jenkinsfile -> Step -> lynis -> vulnerability discovered -> meh -> create ticket / update documentation, something like that.

I just discovered your awesome CLI tool. For me it looks very promising to bring transparency of the vulnerabilities I'm gonna deploy :D

Currently I use Jenkins to run Packer to build an image for an IaaS environment. I was wondering if I could implement a Jenkins step to scan my image for any vulnerabilities which I need to be aware of.

So do you have any recommendation on how to implement such a pipeline with a useful status or reporting function into Confluence or Jira?

Best regards, snooops

snooops, Feb 15 '22 12:02

Hi there!

We have no specific recommendation, except the smart use of the exit state of Lynis and leveraging the output of lynis-report.dat. Generally you can create anything you like with just a few one-liners.

If you finish setting something up, then we would love to hear about it. We are working on the documentation regarding integrations.

mboelen, Feb 25 '22 15:02
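
An added example, not from the thread or the Lynis project: a POSIX shell gate that a Jenkins `sh` step could run after the scan, reading `hardening_index`, `warning[]` and `suggestion[]` from lynis-report.dat (written to /var/log/lynis-report.dat by default). The function names, thresholds and the sample report are assumptions; a missing or unparsable report fails the step rather than passing it.

```shell
#!/bin/sh
# Added example: gate a CI step on lynis-report.dat (key=value lines).
# Function names and thresholds are hypothetical, not part of Lynis.

# Constructed sample report; test IDs and messages are placeholders.
sample_report() {
    cat <<'EOF'
hardening_index=62
warning[]=TEST-0001|Constructed warning one|-|-|
warning[]=TEST-0002|Constructed warning two|-|-|
suggestion[]=TEST-0003|Constructed suggestion|-|-|
EOF
}

# Value of a single-valued key.  $1=report file  $2=key
report_value() {
    awk -F= -v k="$2" '$1 == k { print substr($0, length(k) + 2); exit }' "$1"
}

# Number of entries for an array-style key.  $1=report file  $2=key without []
report_count() {
    awk -F= -v k="$2[]" '$1 == k { n++ } END { print n + 0 }' "$1"
}

# Warnings as "TEST-ID: message".  $1=report file
report_warnings() {
    awk -v p='warning[]=' 'index($0, p) == 1 {
        split(substr($0, length(p) + 1), f, "|"); print f[1] ": " f[2] }' "$1"
}

# Return 0 = pass, 1 = below policy, 2 = report unusable (fail closed).
# $1=report file  $2=minimum hardening index  $3=maximum warnings
lynis_gate() {
    report=$1; min_index=${2:-70}; max_warn=${3:-0}
    [ -r "$report" ] || { echo "lynis gate: cannot read $report" >&2; return 2; }
    index=$(report_value "$report" hardening_index)
    case $index in
        ''|*[!0-9]*) echo "lynis gate: no hardening_index in $report" >&2; return 2 ;;
    esac
    warns=$(report_count "$report" warning)
    echo "hardening_index=$index warnings=$warns suggestions=$(report_count "$report" suggestion)"
    report_warnings "$report" | sed 's/^/  WARNING: /'
    [ "$index" -ge "$min_index" ] && [ "$warns" -le "$max_warn" ]
}

# Pipeline use: sh lynis_gate.sh /var/log/lynis-report.dat 70 0
if [ "$#" -gt 0 ]; then lynis_gate "$@"; exit $?; fi
```

The printed summary and warning lines are plain text, so the same step can archive them or pass them to whatever creates the ticket.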