Support remediation for all recognised Operating Systems
Why are we doing this work
The requirements for container scanning state that we support distributions according to each scanner.
We want to address the following:
- The link to Trivy is now broken. Correct link: https://aquasecurity.github.io/trivy/latest/vulnerability/detection/os/
- The remediation implementation doesn't match the supported OS list for Trivy + Grype.
Relevant links
Non-functional requirements
-
Documentation: fix link to trivy in supported distributions (see description for correct link) -
Feature flag: -
Performance: -
Testing: Add a fix for each OS and verify that remediation outputs the correct diff
Implementation plan
-
documentation Fix broken link for Trivy distributions on doc/user/application_security/container_scanning/index.md -
backend Add remediation mappings for new distributions in lib/gcs/remediation.rb
(pending gitlab-org/security-products/analyzers/container-scanning!2550 (merged)) -
backend Add remediation test cases for each new distribution / OS
/cc @sam.white
Edited by Thiago Figueiró