Update container-scanning to add default_branch_image to JSON report
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.
Why are we doing this work
Currently, users who run container scanning in a branch see a duplicate of the findings that already appear in the default branch instead of only the findings newly introduced by that branch. We want to avoid reporting findings for a branch that are already present in the default branch. To achieve this, a new CI/CD variable, `CS_DEFAULT_BRANCH_IMAGE`, will let the user set the image that is used to de-duplicate matching findings for the branch. The value set in this variable will be sent to GitLab Rails from `gcs` through the report JSON (`gl-container-scanning-report.json`).

This issue will address updating `container-scanning` to add the field `default_branch_image` to the `location` object, with its value taken from the `CS_DEFAULT_BRANCH_IMAGE` environment variable.
A PoC MR could be used as a reference.
Relevant links
Non-functional requirements
- [-] Documentation:
- [-] Feature flag:
- [-] Performance:
- Testing:
  - Test that the report JSON (`gl-container-scanning-report.json`) contains the `location` field with the value from `CS_DEFAULT_BRANCH_IMAGE`.
Implementation plan
- backend: Update `Vulnerability#update_location_image_and_os` to add `default_branch_image` to the `location` object from the `CS_DEFAULT_BRANCH_IMAGE` env variable.
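As an added worked example (not `gcs`'s or GitLab's own code), a Ruby sketch of what the implementation plan and the testing item above describe: building the `location` object with `default_branch_image` taken from `CS_DEFAULT_BRANCH_IMAGE`, plus a check that every finding in the report JSON carries it. The function names `build_location` and `missing_default_branch_image`, the other `location` fields shown, and all sample values are assumptions.

```ruby
require 'json'
# Added example, not gcs's own code: builds the `location` object of one
# vulnerability in gl-container-scanning-report.json and adds
# `default_branch_image` from CS_DEFAULT_BRANCH_IMAGE when that variable
# is set. `env` is injected so the logic is testable without touching ENV.
def build_location(image:, operating_system:, dependency:, env: ENV)
  location = {
    'image' => image,
    'operating_system' => operating_system,
    'dependency' => dependency
  }
  default_branch_image = env['CS_DEFAULT_BRANCH_IMAGE']
  # Emit the field only when the variable is set and non-blank, so reports
  # produced without the variable keep their current shape.
  unless default_branch_image.nil? || default_branch_image.strip.empty?
    location['default_branch_image'] = default_branch_image.strip
  end
  location
end

# The check from the "Testing" item: every vulnerability's location must
# carry `default_branch_image` equal to the expected value. Returns the ids
# of the findings that fail (an empty array means the report passes).
def missing_default_branch_image(report, expected)
  report.fetch('vulnerabilities', []).reject do |vuln|
    vuln.dig('location', 'default_branch_image') == expected
  end.map { |vuln| vuln['id'] }
end

# Constructed sample report: finding-1 built with the variable set,
# finding-2 built without it, so the check should flag finding-2.
SAMPLE_ENV = { 'CS_DEFAULT_BRANCH_IMAGE' => 'registry.example.com/app:main' }.freeze
DEPENDENCY = { 'package' => { 'name' => 'openssl' }, 'version' => '1.1.1n' }.freeze
SAMPLE_REPORT = {
  'vulnerabilities' => [
    { 'id' => 'finding-1',
      'location' => build_location(image: 'registry.example.com/app:feature',
                                   operating_system: 'debian:11',
                                   dependency: DEPENDENCY, env: SAMPLE_ENV) },
    { 'id' => 'finding-2',
      'location' => build_location(image: 'registry.example.com/app:feature',
                                   operating_system: 'debian:11',
                                   dependency: DEPENDENCY, env: {}) }
  ]
}.freeze

# Round-trip through JSON as GitLab Rails receives it, then list failures.
parsed = JSON.parse(JSON.generate(SAMPLE_REPORT))
puts missing_default_branch_image(parsed, SAMPLE_ENV['CS_DEFAULT_BRANCH_IMAGE']).inspect
```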