feat(catalog): container-scan-summary component + vale no-findings message

Andrew Dunnrequested to merge
feat/v2.3.0-vale-noop-scan-summary into main

Summary

Two maintenance-signal improvements for the upcoming v2.3.0.

New: `container-scan-summary` component

Pair with the GitLab Container-Scanning template. Container scanning stays advisory on default-branch + MR (no red pipelines on every CVE), but findings now surface in a single-page artifact + log block a maintainer can paste straight into a triage conversation.

Inputs: `container_scanning_job`, `report_path`, `top_n` (default 20), `stage`, `job_name`, `runner_tag`, `job_rules`.

Output: `vulnerability-summary.md` artifact (1 year expire) + log block. Empty-state safe — if upstream container_scanning was rule- excluded, the artifact says so honestly rather than failing the job.

Changed: vale no-findings message

`vale` template emits `vale: no findings on ` when the run is clean. Removes the 0-byte artifact ambiguity that the v2.2.0 audit surfaced — clean pass is distinguishable from a no-op without log inspection.

Test plan

  • MR pipeline green (lint + syntax)
  • Tagged as v2.3.0 → consumers (kaniko, postern, tach, manifold) can layer in `container-scan-summary` alongside their existing `Jobs/Container-Scanning.gitlab-ci.yml` includes

Merge request reports