Kaspersky Endpoint Security 11 for Linux

Integration with Jenkins

December 12, 2023

ID 198031

Kaspersky Endpoint Security supports integration with Jenkins. Jenkins Pipeline plug-ins can be used to scan Docker images at different stages. For example, you can scan Docker images in a repository during the development process or before publishing.

To integrate Kaspersky Endpoint Security with Jenkins:

  1. Install Kaspersky Endpoint Security on a Jenkins node.
  2. Install Docker Engine on a Jenkins node.

    For details, please refer to the Docker Engine documentation.

  3. Grant the Kaspersky Endpoint Security administrator privileges to the Jenkins user:

    kesl-control --grant-role admin <Jenkins user name>

  4. Add a Jenkins user to the docker group:

    sudo usermod -aG docker <Jenkins user name>

    Usually the jenkins name is used.

  5. In Jenkins, create a new build job with the test name (New ItemEnter an item name).


  6. Configure your project, according to your needs. It is assumed that as a result, you have an image or a started container that you need to scan.
  7. To start the Docker container, add the following script to the Jenkins build procedure. If you use Jenkins plug-ins or another way to start Docker containers, save the ID of the running Docker container to the file /tmp/kesl_cs_info, for further scanning:



    echo "Start container from image: '${TEST_CONTAINER_IMAGE}'"

    CONTAINER_ID=$(docker run -d -v /storage:/storage ${TEST_CONTAINER_IMAGE} /storage/docker_process.sh)

    if [ -z "${CONTAINER_ID}" ] ; then

    echo "Cannot start container from image ${TEST_CONTAINER_IMAGE}"

    exit 1


    echo "${CONTAINER_ID}" > ${TMP_FILE}

    exit ${EXIT_CODE}


  8. After building the artifacts, add the following script to the steps to build the jenkins.

    This script supports one container for scanning. If necessary, modify the script according to your needs.



    if [ ! -f "${TMP_FILE}" ] ; then

    echo "Cannot find temporary file with container ID: '${TMP_FILE}'"

    exit 1



    if [ -z "${CONTAINER_ID}" ] ; then

    echo "Cannot find container ID in the temporary file: '${TMP_FILE}'"

    exit 1


    echo "Start anti-virus scan for: '${CONTAINER_ID}'"

    THREATS_AMOUNT=$(kesl-control --scan-container ${CONTAINER_ID}|grep 'Total detected objects'|awk '{print $5}')

    if [ "${THREATS_AMOUNT}" != "0" ] ; then

    echo "ATTENTION! ${THREATS_AMOUNT} threats detected at: '${CONTAINER_ID}'"



    echo "Not threats found"


    echo "Remove container: {${CONTAINER_ID}}"

    docker kill ${CONTAINER_ID}

    docker rm -f ${CONTAINER_ID}

    rm -f ${TMP_FILE}

  9. To scan a Docker image from a repository, use the following script:




    echo "Build image from ${DOCKER_FILE}"


    if [ -f ${DOCKER_FILE_FETCHED} ] ; then

    echo "Dockerfile fetched: ${DOCKER_FILE_FETCHED}"


    echo "Dockerfile not fetched"

    exit 1


    docker build -f ${DOCKER_FILE_FETCHED} -t ${TEST_IMAGE_NAME} .

    echo "Scan docker image"

    SCAN_RESULT=$(/opt/kaspersky/kesl/bin/kesl-control --scan-container ${TEST_IMAGE_NAME}*)

    echo "Scan done: "

    echo $SCAN_RESULT

  10. Save the build job.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.