Remove container-image: from location on the Dependency List

What does this MR do and why?

This MR removes the container-image: prefix from the dependency location on the Dependency List when dependencies were found in a container image (using the container-scanning analyzer).

How to set up and validate locally

  1. Create a new project.
  2. Configure Container-Scanning in the .gitlab-ci.yml file:

         variables:
             DOCKER_IMAGE: alpine:3.12.0

         include:
             - template: Security/Container-Scanning.gitlab-ci.yml

  3. Run the pipeline.
  4. Go to Security & Compliance -> Dependency list.
  5. Take a look at the location field.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #349002 (closed)

Edited by Alan (Maciej) Paruszewski
