Update container scanning for registry config
What does this MR do and why?
Update container scanning for registry config.

Exclude container_scanning report.
This is what the final config looks like:
```yaml
---
variables:
  CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:7"
  CS_SCHEMA_MODEL: 15
container_scanning:
  image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX"
  stage: test
  variables:
    GIT_STRATEGY: none
    REGISTRY_TRIGGERED: true
    CS_IMAGE: registry.gitlab.com/atiwari71/container-scanning-test/alpine1-main:07ed52de64553270a76a364d0ce15b3e89988901
  allow_failure: true
  artifacts:
    access: developer
    reports:
      container_scanning: []
      cyclonedx:
      - "**/gl-sbom-*.cdx.json"
    paths:
    - "**/gl-sbom-*.cdx.json"
  dependencies: []
  script:
  - gtcs scan
  rules:
  - if: "$CONTAINER_SCANNING_DISABLED == 'true' || $CONTAINER_SCANNING_DISABLED ==
      '1'"
    when: never
  - if: $CI_COMMIT_BRANCH && $CI_GITLAB_FIPS_MODE == "true" && $CS_ANALYZER_IMAGE
      !~ /-(fips|ubi)\z/
    variables:
      CS_IMAGE_SUFFIX: "-fips"
  - if: "$CI_COMMIT_BRANCH"
image: docker:stable
services:
- docker:stable-dind
stages:
- ".pre"
- test
- ".post"
```
Steps to test:
E2E
- Enable CS in the security configuration for the registry.
- Push an image to the registry.
- Review the output of the automated CS job.
Shortcut
- Copy the CI config to a test project.
- Execute the CI job and verify the output.
Related to
Edited by Aditya Tiwari
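
One way to check a generated config before running the job in a test project, as an added example (not code from this MR or from GitLab). The function name, the trimmed sample config, the placeholder `CS_IMAGE` and the rule that SBOM patterns must also appear under `artifacts.paths` are assumptions made for the example.

```ruby
require 'yaml'

# Trimmed copy of the config above; CS_IMAGE is a constructed placeholder.
GENERATED_CONFIG = <<~'CONFIG'
  container_scanning:
    stage: test
    variables:
      GIT_STRATEGY: none
      REGISTRY_TRIGGERED: true
      CS_IMAGE: registry.example.com/group/project/image:tag
    artifacts:
      access: developer
      reports:
        container_scanning: []
        cyclonedx:
        - "**/gl-sbom-*.cdx.json"
      paths:
      - "**/gl-sbom-*.cdx.json"
    script:
    - gtcs scan
CONFIG

# Returns a list of problems; an empty list means the job has the shape the
# description shows: registry-triggered, SBOM-only reports.
def registry_cs_config_problems(yaml_text)
  job = (YAML.safe_load(yaml_text) || {})['container_scanning']
  return ['container_scanning job is missing'] unless job.is_a?(Hash)

  vars = job['variables'] || {}
  reports = job.dig('artifacts', 'reports') || {}
  sbom = Array(reports['cyclonedx'])
  problems = []
  problems << 'REGISTRY_TRIGGERED is not true' unless vars['REGISTRY_TRIGGERED'].to_s == 'true'
  problems << 'CS_IMAGE is not set' if vars['CS_IMAGE'].to_s.empty?
  # An empty list (or no key) means no container_scanning report is uploaded.
  problems << 'container_scanning report is not excluded' unless Array(reports['container_scanning']).empty?
  problems << 'cyclonedx report is missing' if sbom.empty?
  # Assumption: every reported SBOM pattern is also kept under artifacts.paths.
  unkept = sbom - Array(job.dig('artifacts', 'paths'))
  problems << "SBOM pattern not in artifacts.paths: #{unkept.join(', ')}" unless unkept.empty?
  problems
end

if __FILE__ == $PROGRAM_NAME
  # Constructed variant that still uploads a container_scanning report.
  with_report = GENERATED_CONFIG.sub('container_scanning: []',
                                     'container_scanning: gl-container-scanning-report.json')
  puts registry_cs_config_problems(GENERATED_CONFIG).inspect
  puts registry_cs_config_problems(with_report).inspect
end
```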