Use GitLab Container Scanning v4 instead of legacy Clair-based one
What does this Merge Request do and why?
Replaces the hand-made legacy Clair-based container scanning with GitLab Container Scanning v4. Dogfooding DogfoodingBuild in GitLab
| criteria | before (https://gitlab.com/gitlab-org/gitlab-development-kit/-/jobs/1294628849) | after (https://gitlab.com/gitlab-org/gitlab-development-kit/-/jobs/1295377411) | notes |
|---|---|---|---|
| Speed (~performance / ~"tooling::pipelines") / sec | 352 | 52 | 6.7x faster |
| Total detected vuls. | 67 | 257 | 3.8x more |
| Critical/High detected vuls. | 0 | 0 | No critical or high vulnerabilities detected |
| Medium detected vuls. | 15 | 73 | The newer the CVE database, the more vulnerabilities detected. |
| Low detected vuls. | 44 | 184 | The newer the CVE database, the more vulnerabilities detected. |
| Negligible detected vuls. | 8 | 0 | No comment |
Replaces both !2011 (closed) and !1997 (closed)
Replaces the original implementation in !458 (merged).
Merge Request checklist
- This change is backward compatible. If not, please include steps to communicate to our users.
- Tests added for new functionality. If not, please raise Issue to follow-up.
- Documentation added/updated, if needed.
- `gdk doctor` test added, if needed.
- Add the ~highlight label if this MR should be included in the `CHANGELOG.md`.
Edited by Takuya Noguchi