lynis
Best practice Guide: How to integrate lynis into a CI/CD Pipeline?
Hi,
TL;DR: Jenkinsfile -> Step -> lynis -> vulnerability discovered -> meh -> create ticket / update documentation, something like that.
I just discovered your awesome cli tool. For me it looks very promising to bring transparency of the vulnerabilities I'm gonna deploy :D
Currently I use Jenkins to run packer to build an image for an IaaS environment. I was wondering if I could implement a Jenkins step to scan my image for any vulnerabilities which I need to be aware of.
So do you have any recommendation on how to implement such a pipeline with a useful status or reporting function into Confluence or Jira?
Best regards, snooops
Hi there!
We have no specific recommendation, except the smart use of the exit state of Lynis and leveraging the output of lynis-report.dat. Generally you can create anything you like with just a few one-liners.
If you finish setting something up, we would love to hear about it. We are working on the documentation regarding integrations.
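
The reply above points at the exit state and lynis-report.dat; as an added example (not code from the Lynis project or from either poster), here is a shell gate that a pipeline step could run against the report after the scan. It assumes the report's key=value layout with a `hardening_index` key and pipe-separated `warning[]`/`suggestion[]` entries; the function names, the threshold and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate a CI step on lynis-report.dat (not Lynis project code).
# Assumed layout: key=value lines, findings as "warning[]=TEST-ID|text|...".

# Constructed sample report, standing in for /var/log/lynis-report.dat.
sample_report() {
cat <<'EOF'
# Lynis Report
lynis_version=3.0.0
hardening_index=62
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|-|-|
suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile|-|-|
EOF
}

# report_value FILE KEY: print the value of a single-valued key.
report_value() {
    awk -v p="$2=" 'index($0, p) == 1 { print substr($0, length(p) + 1); exit }' "$1"
}

# report_findings FILE KIND: print "TEST-ID<TAB>text" per warning/suggestion.
report_findings() {
    awk -v p="$2[]=" 'index($0, p) == 1 {
        split(substr($0, length(p) + 1), f, "|"); print f[1] "\t" f[2] }' "$1"
}

# lynis_gate FILE MIN_INDEX: 0 = pass, 1 = policy failure, 2 = unusable report.
lynis_gate() {
    [ -r "$1" ] || { echo "gate: cannot read $1" >&2; return 2; }
    gate_index=$(report_value "$1" hardening_index)
    case $gate_index in
        ''|*[!0-9]*) echo "gate: no usable hardening_index in $1" >&2; return 2 ;;
    esac
    gate_warn=$(report_findings "$1" warning | awk 'END { print NR }')
    report_findings "$1" warning | sed 's/^/WARNING /'
    echo "hardening_index=$gate_index minimum=$2 warnings=$gate_warn"
    # Fail the step on any warning or on an index below the agreed minimum.
    if [ "$gate_warn" -gt 0 ] || [ "$gate_index" -lt "$2" ]; then return 1; fi
    return 0
}

# Demo on the constructed report; a pipeline would pass the real report path.
demo_report=$(mktemp)
sample_report > "$demo_report"
lynis_gate "$demo_report" 70 || echo "gate returned $?"
rm -f "$demo_report"
```

The distinct return value for an unreadable or incomplete report keeps a scan that never ran from being treated as a clean image.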