Update DAST API/API Fuzzing templates to select FIPS image when enabled
Problem
When GitLab is running in FIPS mode, the API Security templates must use a FIPS image instead of our normal image.
Proposal
Template change consensus reached here
When FIPS mode is enabled in GitLab, the templates for API Security should automatically use the FIPS version of analyzer. This will occur through a new variable _IMAGE_SUFFIX
. The rules of the job will correctly set _IMAGE_SUFFIX
to -fips
when CI_GITLAB_FIPS_MODE
is set to true
.
Tasks:
-
Update .latest
versions of template to use_IMAGE_SUFFIX
and set it via rules -
Update template tests as needed -
Document new variable -
Add a FIPS section to documentation referencing_IMAGE_SUFFIX
and explaining template operation
Edited by Michael Eddington