Add pipeline jobs for new scanners
Why are we doing this work
Current work has been done towards abstracting container-scanning project to support multiple scanners. The goal is to provide a structured/simple way of integrating third party scanners.
This MR removes dependency from the docker file but the addition of pipeline jobs, to cover whenever $SCANNER
is different than trivy
, is still required.
Relevant links
Related MR: gitlab-org/security-products/analyzers/container-scanning!30 (merged)
Non-functional requirements
-
Documentation: -
Feature flag: -
Performance: -
Testing:
Implementation plan
-
backend Add new jobs for building and testing GCS when $SCANNER
is set togrype
.allow_failure: true
might be required for the integration tests while we wait for the scanner to be added.
Edited by Alan (Maciej) Paruszewski