Hi,

My pipeline has multiple stages and each stage creates a docker image.

there are two issues, first at the end of the pipeline I end up having 3 separate 'Achore reports' but they all have the same data (the Achore Policy Evaluation Report has the results for the 3 scans). Second, the 'Anchore Policy Evaluation Summary' shows the same image for the 3 different 'Anchore reports'

The pipeline process is something like

• Create base image
• Create Builder image
• Create Runner image

I check each image after each stage (so that it fails if one of them had issues)

I run

anchore(name: IMAGES_FILE_PATH, engineRetries: '1000', forceAnalyze: true,
policyBundleId: 'policyName')

I tried using different names for the IMAGES_FILE_PATH but it yields the same problems

it would be nice if each report only had the information about that one image

Sorry if I didnt provided enough details, I would be happy to add more info

Thanks!

Edit:

Kind of related stack overflow issue

https://stackoverflow.com/questions/57367074/adding-multiple-docker-images-in-jenkins-pipeline-to-scan-security-vulnerabiliti

with the exception that I cant wait until the end to scan the images