Add equivalent of DOCKER_INSECURE and REGISTRY_INSECURE to container scanning
Why are we doing this work
For feature compatibility with the previous container-scanning analyzer, we need an equivalent of the DOCKER_INSECURE
and REGISTRY_INSECURE
configuration variables and rename to CS_DOCKER_INSECURE
and CS_REGISTRY_INSECURE
:
Variable | Default | Description |
---|---|---|
CS_DOCKER_INSECURE |
false | Disable certificate validation when accessing secure Docker registries over HTTPS. |
CS_REGISTRY_INSECURE |
false | Allow insecure connections (HTTP) to a container registry. |
Relevant links
Non-functional requirements
-
Documentation: Update variables in doc/user/application_security/container_scanning/index.md - [-] Feature flag:
- [-] Performance:
-
Testing: -
Test scanner with CS_DOCKER_INSECURE
andCS_REGISTRY_INSECURE
-
Implementation plan
-
Add support for CS_REGISTRY_INSECURE
andCS_DOCKER_INSECURE
. Default value false. And update documentation for the same. -
For Trivy add support for the variables here: -
CS_DOCKER_INSECURE
maps toTRIVY_INSECURE
-
CS_REGISTRY_INSECURE
maps toTRIVY_NON_SSL
.
-
Edited by Alan (Maciej) Paruszewski