Document Container Scanning DOCKER_IMAGE environment variable

Problem to solve

We currently rely on the CI_APPLICATION_REPOSITORY and CI_APPLICATION_TAG variables to specify which image to scan.

These variables may be used for other purposes outside of Container Scanning (CS), so we should avoid suggesting that users override them: depending on how they are overridden, doing so could have side effects on other jobs.

Intended users

  • Delaney (Development Team Lead)
  • Sasha (Software Developer)
  • Devon (DevOps Engineer)

Further details

A new DOCKER_IMAGE environment variable was added to the GitLab Container Scanning tool in the "Rewrite converter from Node.js to Go" change; however, this variable has not yet been documented.

Proposal

Provide documentation for the DOCKER_IMAGE environment variable. If DOCKER_IMAGE is set, it takes precedence over everything else. If it is not set, default it to $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG when both of those variables are set. This keeps existing pipelines working unchanged (backward compatibility).
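The precedence rule above, written out as a POSIX shell function. This is an added illustration for the issue, not the Container Scanning tool's own code; the function name, the error messages and the registry names in the demonstration are this example's own choices. It also covers the case the proposal does not spell out: when DOCKER_IMAGE is unset and only one of CI_APPLICATION_REPOSITORY or CI_APPLICATION_TAG is set, the function fails instead of silently scanning a malformed reference such as "repo:" or ":tag".

```shell
#!/bin/sh
# Added example, not the Container Scanning tool's own code.
#
# Precedence implemented here:
#   1. DOCKER_IMAGE, if set and non-empty, wins unconditionally.
#   2. Otherwise CI_APPLICATION_REPOSITORY:CI_APPLICATION_TAG, but only when
#      BOTH are set and non-empty (backward compatibility with existing jobs).
#   3. A half-set pair is an error (exit 2); nothing set at all is an error
#      (exit 1). Both messages go to stderr so stdout carries only the image.
#
# The function name and messages are this example's own choices.

resolve_scan_image() {
  # ${VAR:-} keeps this safe under `set -u` when a variable is absent.
  docker_image="${DOCKER_IMAGE:-}"
  repo="${CI_APPLICATION_REPOSITORY:-}"
  tag="${CI_APPLICATION_TAG:-}"

  if [ -n "$docker_image" ]; then
    printf '%s\n' "$docker_image"
    return 0
  fi

  if [ -n "$repo" ] && [ -n "$tag" ]; then
    printf '%s:%s\n' "$repo" "$tag"
    return 0
  fi

  if [ -n "$repo" ] || [ -n "$tag" ]; then
    echo "error: CI_APPLICATION_REPOSITORY and CI_APPLICATION_TAG must both be set when DOCKER_IMAGE is not" >&2
    return 2
  fi

  echo "error: set DOCKER_IMAGE (or both CI_APPLICATION_REPOSITORY and CI_APPLICATION_TAG) to choose the image to scan" >&2
  return 1
}

# Demonstration with constructed values (the registry and image names are made up).
# Each call runs inside $(...) so the prefixed assignments never leak into the caller.
demo() {
  # DOCKER_IMAGE wins even though the legacy pair is also set.
  DOCKER_IMAGE=registry.example.com/group/app:1.2.3 \
  CI_APPLICATION_REPOSITORY=registry.example.com/group/legacy \
  CI_APPLICATION_TAG=latest \
    resolve_scan_image

  # Legacy pair only: defaults to repository:tag.
  DOCKER_IMAGE= \
  CI_APPLICATION_REPOSITORY=registry.example.com/group/legacy \
  CI_APPLICATION_TAG=abc123 \
    resolve_scan_image

  # Half-set pair: refused rather than scanning "registry.example.com/group/legacy:".
  DOCKER_IMAGE= \
  CI_APPLICATION_REPOSITORY=registry.example.com/group/legacy \
  CI_APPLICATION_TAG= \
    resolve_scan_image || echo "refused with status $?"
}

demo
```

In a pipeline, a user who wants to scan a specific image simply sets DOCKER_IMAGE in the job's variables and leaves CI_APPLICATION_REPOSITORY and CI_APPLICATION_TAG alone; the function above shows why that is safe to document as the recommended way, and why the fallback should require both legacy variables rather than either one.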

Documentation

  • Update the Container Scanning documentation
  • Update the variables described in the Container Scanning section of the Security Scanner documentation

Testing

What does success look like, and how can we measure that?

Users of Container Scanning can specify the Docker image to be scanned with the DOCKER_IMAGE environment variable.

What is the type of buyer?

GitLab Ultimate

Links / references

!17964 (comment 225242187)

Edited Nov 03, 2020 by Thiago Figueiró