Anchore Container Scanning integration in GitLab
Problem to solve
Anchore is a Container Scanning tool (and more: "Security and Compliance for Container Native Applications"). Some customers might already have this solution in place and would like to use it instead of our Container Scanning solution.
Intended users
- Delaney, Development Team Lead, https://design.gitlab.com/research/personas#persona-delaney
- Sasha, Software Developer, https://design.gitlab.com/research/personas#persona-sasha
- Sam, Security Analyst, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sam-security-analyst
Further details
Anchore already provides a way to generate reports, but not in the format required by GitLab: https://anchore.freshdesk.com/support/solutions/articles/36000058199-gitlab-integration
We can adapt this snippet to provide the required data, and have Anchore results in GitLab Security reports.
Proposal
Users will be able to use a vendored template to leverage the results from their Anchore service.
Permissions and Security
TODO
Documentation
TODO
Testing
TODO
What does success look like, and how can we measure that?
What is the type of buyer?
- Ultimate