Add FIPS-compliance tests to container scanning analyzers
Why are we doing this work
We want to know if our container scanning images are FIPS-compliant.
Relevant links
- https://gitlab.com/gitlab-org/gitlab/-/issues/356833+
-
slack thread (internal). In case the thread expires, the important references are:
-
@fcatteauI was able to Register a group runner via https://gitlab.com/groups/gitlab-org/security-products/tests/-/runners. -
@fcatteauGitLab doesn’t mind empty job tags; it’s equivalent to no tag. This is great, because then we can use a CI variable to switch b/w the FIPS runners and the normal ones when triggering a pipeline in the test projects, to run an integration test. See experiment in gitlab-org/security-products/tests/java-maven!173 (closed)
-
Non-functional requirements
-
Documentation: -
Feature flag: -
Performance: -
Testing:
Implementation plan
Edited by Thiago Figueiró