Add SAST:container status in GitLab Registry
Followup of #3724 (closed) (see description).
Now that we have SAST:container reports available in MR, we can consider adding them also to the GitLab Registry page. It can be a little tricky because images in the Registry are not strictly related to pipelines, and can also be added directly.
We mainly have two options:
- "link" images and reports taken from pipelines jobs
- run a recurring scan on images and check the status
Problems with 1 are that security issues can be found after the pipeline was done, and so we are presenting a green check where it is not. On the other side, 2 could be time and resource consuming and it cannot be done by the runners fleet in the easy way.