Migrate agent vulnerability scanning to Trivy k8s
Why are we doing this work
Starboard is deprecated and is being merged into Trivy. The Starboard library, which we use for agent vulnerability scanning, is no longer receiving updates. We need to migrate to Trivy so that we can continue to maintain the operational container scanning feature.
Relevant links
Non-functional requirements
- Documentation: -
- Feature flag: -
- Performance: -
- Testing:
Implementation plan
- In gitlab-agent, replace the scanJob.scan function to:
  - Start a Trivy Pod with a trivy container image, e.g. aquasec/trivy:0.38.3
  - Retrieve the scan report from the Trivy Pod logs
- Modify report.go to convert the report to the expected format.
Spike project created to validate the above implementation plan.
This thread contains context that led to this new implementation plan.
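An added sketch of the "retrieve the scan report from Trivy Pod logs" and conversion steps (not gitlab-agent code): it assumes the container prints Trivy's JSON report to stdout, possibly with log lines around it. `Finding`, `ParsePodLogs` and the sample log are hypothetical names and constructed data.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// sampleLogs is constructed: a log line, then a report with a placeholder ID.
const sampleLogs = `2023-03-01T10:00:00Z INFO Vulnerability scanning is enabled
{"SchemaVersion":2,"ArtifactName":"registry.example/app:1.0","Results":[
{"Target":"app (alpine 3.17)","Vulnerabilities":[{"VulnerabilityID":"CVE-0000-0001",
"PkgName":"libexample","InstalledVersion":"1.2.3","FixedVersion":"1.2.4","Severity":"HIGH"}]},
{"Target":"go.sum"}]}`

// trivyReport mirrors only the Trivy JSON fields this example reads.
type trivyReport struct {
	ArtifactName string
	Results      []struct {
		Target          string
		Vulnerabilities []struct{ VulnerabilityID, PkgName, InstalledVersion, FixedVersion, Severity string }
	}
}

// Finding is a hypothetical flattened record, not the agent's report type.
type Finding struct{ Image, Target, ID, Package, Installed, Fixed, Severity string }

// ParsePodLogs flattens the report found in raw pod logs. Assumption: log
// lines may surround the report, which starts on the first line opening with '{'.
func ParsePodLogs(logs string) ([]Finding, error) {
	start := strings.Index("\n"+logs, "\n{") // offset of that '{' in logs
	if start < 0 {
		return nil, errors.New("no JSON report found in pod logs")
	}
	var r trivyReport // Decode below reads one JSON value; trailing log lines are ignored
	if err := json.NewDecoder(strings.NewReader(logs[start:])).Decode(&r); err != nil {
		return nil, fmt.Errorf("decode trivy report: %w", err)
	}
	var out []Finding
	for _, res := range r.Results {
		for _, v := range res.Vulnerabilities {
			out = append(out, Finding{r.ArtifactName, res.Target, v.VulnerabilityID, v.PkgName, v.InstalledVersion, v.FixedVersion, v.Severity})
		}
	}
	return out, nil
}

func main() { fmt.Println(ParsePodLogs(sampleLogs)) }
```

Returning an error when no report is found or the JSON is truncated lets the caller distinguish a failed scan from an image with zero findings.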
Verification steps
🤖 Auto-Summary
Last updated by this job
- TOPIC Trivy k8s is currently marked as experimental #366262 (comment 1254860629)
- TOPIC Resource usage of Trivy k8s #366262 (comment 1254867918)
- TOPIC Unable to configure Trivy image with Trivy k8s #366262 (comment 1254931662)