TOC & Recently Viewed

Recently Viewed Topics

CircleCI

Before You Begin

These instructions describe how to push a Docker image from CircleCI to Tenable.io Container Security.

These steps assume you are already comfortable using CircleCI and are already pushing Docker images to a public or private registry. If you are already using CircleCI, but have not built Docker container images, familiarize yourself with the CircleCI documentation Continuous Integration and Delivery with Docker.

ClosedClick here for information about the circle.yml file.

If you are using CircleCI to build Docker container images, you should have a circle.yml file in your project source control repository that looks similar to the following example:

machine:

services:

- docker

 

dependencies:

override:

- docker info

- docker build -t circleci/elasticsearch .

 

test:

override:

- docker run -d -p 9200:9200 circleci/elasticsearch; sleep 10

- curl --retry 10 --retry-delay 5 -v http://localhost:9200

 

deployment:

hub:

branch: master

commands:

- docker push circleci/elasticsearch

The following lines in circle.yml instruct CircleCI to leverage Docker for the build process:

machine:

services:

- docker

The following lines in circle.yml instruct CircleCI to build the elasticsearch image in the circleci/ repository:

dependencies:

override:

- docker info

- docker build -t circleci/elasticsearch .

The following are the most important lines for adding Tenable.io Container Security integration to CircleCI environments. These lines instruct CircleCI to use Docker to log in to the registry (in this case to Docker Hub, since no private registry is specified) and push cicleci/elasticsearch to the registry:

deployment:

hub:

branch: master

commands:

- docker login -u $DOCKER_USER -p $DOCKER_PASS

- docker push circleci/elasticsearch

Steps

  1. To add environment variables for the project in the CircleCI console, open the project, click Project Settings, then click Environment Variables.

  2. Define the following variables:

    Variable

    Description

    TENABLE_IO_CONTAINER_SECURITY_EMAIL

    The email that you use to log in to Tenable.io Container Security.

    TENABLE_IO_CONTAINER_SECURITY_USER

    The user name that you use to log in to Tenable.io Container Security. You can find this on the Settings page in Tenable.io Container Security.

    TENABLE_IO_CONTAINER_SECURITY_ENDPOINT

    For hosted cloud users of Tenable.io Container Security, this value is registry.cloud.tenable.com.

  3. To add support for Tenable.io Container Security, update the circle.yml file as follows:

    machine:

    environment:

    VERSION: 2.1.1

    TAG: ${VERSION}

    services:

    - docker

     

    dependencies:

    override:

    - docker info

    - docker version

    - docker build -t $TENABLE_IO_CONTAINER_SECURITY_ENDPOINT/circleci/elasticsearch .

     

    test:

    override:

    - docker run -d -p 9200:9200 $TENABLE_IO_CONTAINER_SECURITY_ENDPOINT/circleci/elasticsearch; sleep 10

    - curl --retry 10 --retry-delay 5 -v registry.cloud.tenable.com

     

    deployment:

    hub:

    branch: master

    commands:

    - docker login -u $TENABLE_IO_ACCESS_KEY -p $TENABLE_IO_SECRET_KEY

    - docker tag $TENABLE_IO_CONTAINER_SECURITY_ENDPOINT/circleci/elasticsearch $TENABLE_IO_CONTAINER_SECURITY_ENDPOINT/circleci/elasticsearch:${TAG}

    - docker push $TENABLE_IO_CONTAINER_SECURITY_ENDPOINT/circleci/elasticsearch:${TAG}

    - docker logout

    CircleCI builds are sent to Tenable.io Container Security for storage, distribution, vulnerability scanning, and malicious code scanning.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.