Adding multiple Docker images in a Jenkins pipeline to scan for security vulnerabilities using Anchore Engine

I have been trying to integrate Anchore Engine with a Jenkins pipeline in order to scan multiple Docker images using a Jenkins CI/CD pipeline. I have done some research, but I couldn't find any resources that would give me some hints on making my Jenkins CI server scan multiple Docker images at once using Anchore Engine. I tested different ways to scan multiple Docker images in both Jenkins freestyle and pipeline projects, but every time I run a Jenkins build, the scan result gives a report for only one image.

Jenkins with Docker has been configured and integrated into the CI/CD pipeline in order to build Docker images. The Docker version of Anchore Engine is also installed using the docker-compose.yml downloaded from "https://anchore.com/docker-image-security-in-5-minutes-or-less/".

Freestyle Project shell script:


echo "my-ecr-repo/image1" > anchore_image1
echo "my-ecr-repo/image2" > anchore_image2

Pipeline Project:



pipeline {
    agent any
    tools {
        nodejs "NodeJS-GlobalConfiguration"
    }
    options {
        skipStagesAfterUnstable()
    }
    stages {
        stage ('scan image') {
            steps{
                script {
                def imageName1 = 'my-ecr-repo/image1'
                writeFile file: 'anchore_image1', text: imageName1
                anchore name: 'anchore_image1'
                }
            }
            steps{
                script {
                def imageName2 = 'my-ecr-repo/image2'
                writeFile file: 'anchore_image1', text: imageName2
                anchore name: 'anchore_image2'
                }
            }

        }

    } 

}



"I expect to see multiple Anchore Engine image scan reports in one Jenkins build, but I am seeing only one image scan report instead of multiple images."

Source: StackOverflow
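
One way to scan both images in a single build, as an added example that is not part of the original post. It assumes the Anchore Container Image Scanner plugin's list file takes one image reference per line (optionally followed by a Dockerfile path); the file name `anchore_images` is chosen for this example, and the image names are the ones from the question.

```groovy
// Added example, not the asker's code. Assumes the Anchore Container Image
// Scanner plugin is installed and already pointed at the Anchore Engine service.
pipeline {
    agent any
    options {
        skipStagesAfterUnstable()
    }
    stages {
        stage('scan images') {
            steps {
                script {
                    // Image names as given in the question.
                    def images = [
                        'my-ecr-repo/image1',
                        'my-ecr-repo/image2'
                    ]
                    // Reject empty entries and embedded whitespace: anything after
                    // a space on a line is read as a Dockerfile path, so a stray
                    // space would silently change what is scanned.
                    for (ref in images) {
                        if (!(ref ==~ /\S+/)) {
                            error "Invalid image reference in scan list: '${ref}'"
                        }
                    }
                    // A single list file with one image reference per line.
                    writeFile file: 'anchore_images', text: images.join('\n') + '\n'
                    // One plugin step for the whole list, so the build's
                    // Anchore report covers every image in the file.
                    anchore name: 'anchore_images'
                }
            }
        }
    }
}
```

The same layout applies to a freestyle job: append each image to one file with `>>` and give that single file name to the Anchore build step.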