Propagate all config ENV vars to Docker container in vendored templates for security products

Problem to solve

Currently, only a limited set of tool-specific configuration ENV vars is propagated to the container via docker run (example: SAST), even though there are more variables related to specific underlying package managers, build tools, etc. (example: SAST settings for various analyzers).

Intended users

Persona: Software developer

Further details

Currently, this prevents GitLab users from fine-tuning the CI jobs that come with some variables. Users would have to override the job definitions entirely, which will significantly reduce the benefit of using a template.

Proposal

  • Update all of the security products' vendored templates to propagate all of the current config ENV vars to Docker containers they define
  • Update the release process (release checklists, MR templates etc.) of the security products to streamline this process for every new variable added
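
One way a template script could do this propagation, as an added example that is not GitLab's own template code: the flags are built from a single allowlist, so a new variable needs only one list entry. The `CONFIG_VARS` contents and the `env_flags` helper name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build `docker run` flags that forward config ENV vars by name.
# CONFIG_VARS is an illustrative allowlist, not the template's actual list.
CONFIG_VARS="SAST_CONFIDENCE_LEVEL SAST_BRAKEMAN_LEVEL MAVEN_CLI_OPTS"

# Print one "--env NAME" flag for each allowlisted variable that is set.
# Passing only the name makes docker copy the value from the caller's
# environment (the variable must be exported, as CI variables are), so the
# value never appears on the command line or in shell trace output.
env_flags() {
  flags=""
  for name in $CONFIG_VARS; do
    # Skip anything that is not a plain identifier before it reaches eval.
    case "$name" in
      ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;
    esac
    # ${NAME+x} expands to "x" only when NAME is set, even if it is empty,
    # so an explicitly empty setting is still forwarded.
    if [ -n "$(eval "printf %s \"\${$name+x}\"")" ]; then
      flags="$flags --env $name"
    fi
  done
  printf '%s' "${flags# }"
}

# Usage inside a job script (IMAGE is a placeholder for the analyzer image):
#   docker run $(env_flags) --volume "$PWD:/code" "$IMAGE"
```

An explicit allowlist keeps unrelated job variables, such as tokens and credentials, out of the analyzer container while still forwarding every documented setting.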

What does success look like, and how can we measure that?

Users are able to customize the job definitions from vendored templates using all of the config ENV vars available for a particular tool and its underlying utilities.

What is the type of buyer?

GitLab Ultimate users

Links / references

  • Vendored templates epic
  • A comment mentioning the need for such an issue to track this problem
Edited Mar 22, 2019 by Victor Zagorodny