Validate `default_branch_image` on the container-scanning analyzer
Why are we doing this work

Follow-up for gitlab-org/security-products/analyzers/container-scanning!2610 (merged)

Since default_branch_image is a user-provided value and is also validated by the security-report-schemas, we should add validation to container-scanning to make sure that the provided value is valid. If it is not, then we should emit an error and exit. This will prevent container-scanning from being able to produce artifacts which are invalid according to the schema.
Relevant links

Non-functional requirements

- Documentation:
- Feature flag:
- Performance:
- Testing:
Implementation plan

- backend Add a regex to validate the default_branch_image. #339078 (closed) tries to solve a similar case, maybe we can use the same regex
- backend Validate the default_branch_image and log error in Gcs::Vulnerability#update_location_image_and_os if the validation fails
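As an added example, not code from the container-scanning project: a stand-alone Ruby validator for `default_branch_image` that shows the shape of the two steps in the plan above, a regex check and a log-error-then-fail path that stops the run before any report is written. The `ImageRefValidator` module, its regex and `InvalidImageError` are assumptions of this example, modelled on the `registry[:port]/repo[/repo...][:tag][@sha256:digest]` image-reference grammar; they are not the pattern used by security-report-schemas or by #339078.

```ruby
# Added example, not container-scanning's own code. The regex below is an
# assumption approximating the image-reference grammar, not the schema pattern.
require 'logger'

module ImageRefValidator
  # Repository path component: lowercase alphanumerics joined by '.', '_', '__' or '-' runs.
  COMPONENT = /[a-z0-9]+(?:(?:[._]|__|-+)[a-z0-9]+)*/
  # Optional registry host (case-insensitive hostname, optional port) followed by '/'.
  REGISTRY  = %r{(?:[a-zA-Z0-9.-]+(?::[0-9]+)?/)?}
  # Optional ':tag' (up to 128 chars, must not start with '.' or '-').
  TAG       = /(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?/
  # Optional '@sha256:<64 hex>' digest.
  DIGEST    = /(?:@sha256:[a-f0-9]{64})?/
  IMAGE_REF = /\A#{REGISTRY}#{COMPONENT}(?:\/#{COMPONENT})*#{TAG}#{DIGEST}\z/

  class InvalidImageError < StandardError; end

  # True only for a non-empty String that matches the whole reference grammar.
  def self.valid?(value)
    value.is_a?(String) && !value.empty? && IMAGE_REF.match?(value)
  end

  # Returns the value when valid; otherwise logs an error and raises so the
  # caller can exit non-zero instead of writing a schema-invalid report.
  def self.validate!(value, logger: Logger.new($stderr))
    return value if valid?(value)

    logger.error("default_branch_image #{value.inspect} is not a valid image reference")
    raise InvalidImageError, "invalid default_branch_image: #{value.inspect}"
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample values for a manual run.
  ['nginx', 'registry.gitlab.com:5000/group/app:1.2.3', 'bad image!', 'app:'].each do |ref|
    puts "#{ref.inspect} valid=#{ImageRefValidator.valid?(ref)}"
  end
  begin
    ImageRefValidator.validate!('bad image!')
  rescue ImageRefValidator::InvalidImageError => e
    warn "would exit here: #{e.message}"
  end
end
```

Wiring this in would mean calling `validate!` once on the configured value before any vulnerability is processed, so a bad reference fails the job early rather than surfacing as a schema error on the finished artifact.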
Edited by Dominic Bauer