Enable security scanning
GitLab provides a number of security scanners whose results are exposed in the security dashboard.
From the list, the following scanners should be applicable to CKI:
AC:
- templates for security scanner jobs are available in cki-lib
- an approval rule is defined and enforced via gitlab-repo-config so that those warnings are not ignored
- secret detection is enabled everywhere
- dependency scanning is enabled everywhere
- container image scanning is enabled everywhere (might need a switch of the base image to something supported by the security scanners like ubi8/9)
Links:
- dependency scanning: https://gitlab.com/cki-project/datawarehouse/-/blob/main/.gitlab-ci.yml
- secret scanning: cki-tools!635 (closed)
- approval rule: https://gitlab.com/cki-project/cki-tools/edit
- check that rules are correctly detected: https://gitlab.com/cki-project/cki-tools/-/security/configuration
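As an added example (not the cki-lib templates or any project's actual pipeline), a project-level `.gitlab-ci.yml` that enables the three scanners named in the AC by including GitLab's upstream security templates; the image name, the build job and the podman image are assumptions.

```yaml
# Added example, not cki-lib's template: enable the three scanners from the AC
# by including GitLab's upstream security templates in a project pipeline.
stages:
  - build
  - test   # the template jobs (secret_detection, gemnasium-*, container_scanning) run here

include:
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml

variables:
  # Image that container_scanning pulls and scans; built and pushed by the job
  # below. The "app" image name is an assumed value.
  CS_IMAGE: "$CI_REGISTRY_IMAGE/app:$CI_COMMIT_SHA"
  # Scan the whole git history on the first run so secrets committed earlier
  # are also reported; set back to "false" once the history is clean.
  SECRET_DETECTION_HISTORIC_SCAN: "true"

# Hypothetical build job: the container scanner only needs the image to exist
# in the project registry before the test stage starts.
build_image:
  stage: build
  image: quay.io/podman/stable   # assumed builder image
  script:
    - podman build -t "$CS_IMAGE" .
    - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - podman push "$CS_IMAGE"
```

The scanner jobs from these templates carry `allow_failure: true`, so findings do not fail the pipeline by themselves; that is why the AC also requires an approval rule, which is what turns a reported vulnerability into a merge blocker.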