Update Container Scanning to use Shared CI Analyzer Template
Summary
The purpose of this issue is to update the GitLab klar project to use the Shared CI Analyzer Template.
Implementation Plan
- Update the integration test job of the Analyzer Template to:
  - Set the CLAIR_VULNERABILITIES_DB_URL:

        - "CLAIR_VULNERABILITIES_DB_URL=`getent hosts clair-vulnerabilities-db | awk '{ print $1 }'`"

  - Add DOCKER_IMAGE and CLAIR_VULNERABILITIES_DB_URL environment variables to the docker run command:

        - docker run --volume ${CI_PROJECT_DIR}/test/fixtures:/tmp/project --env CI_PROJECT_DIR=/tmp/project --env DS_EXCLUDED_PATHS --env SAST_EXCLUDED_PATHS --env DOCKER_IMAGE=$DOCKER_IMAGE --env CLAIR_VULNERABILITIES_DB_URL=$CLAIR_VULNERABILITIES_DB_URL $TMP_IMAGE /analyzer run

- Update the GitLab klar project to:
  - Override the services section of the integration test job by adding the following to the .gitlab-ci.yml file:

        integration test:
          services:
            - name: "arminc/clair-db:2019-09-04"
              alias: clair-vulnerabilities-db
            - name: docker:stable-dind

  - Set the MAJOR and REPORT_FILENAME global variables in the .gitlab-ci.yml file:

        MAJOR: 2
        REPORT_FILENAME: gl-container-scanning-report.json
Improvements
Risks
Involved components
Optional: Intended side effects
Optional: Missing test coverage
Edited by Adam Cohen
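
Added example, not part of the original issue or the klar project's code: the getent/awk assignment in the plan succeeds even when the clair-vulnerabilities-db alias does not resolve, because the pipeline's exit status is awk's, so an empty CLAIR_VULNERABILITIES_DB_URL would be passed to docker run. The shell functions below fail the job instead and reject values that are not address literals; `lookup_hosts` and `resolve_service_ip` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: fail-closed resolution of a CI service alias.
# lookup_hosts is a hypothetical wrapper around getent so the lookup
# can be stubbed when testing without a running service container.
lookup_hosts() {
  getent hosts "$1"
}

# Print the first address for the alias. Return non-zero when the lookup
# fails, returns nothing, or returns something that is not an IPv4/IPv6
# literal (the value is later expanded unquoted on the docker run line).
resolve_service_ip() {
  alias_name=$1

  # Capture the lookup on its own so its exit status is not hidden
  # behind awk's, as it is in `getent ... | awk ...`.
  if ! out=$(lookup_hosts "$alias_name"); then
    echo "cannot resolve service alias: $alias_name" >&2
    return 1
  fi

  # Use only the first line in case several addresses are returned.
  ip=$(printf '%s\n' "$out" | awk 'NR == 1 { print $1 }')

  case $ip in
    ''|*[!0-9A-Fa-f.:]*)
      echo "unexpected address for $alias_name: '$ip'" >&2
      return 1
      ;;
  esac

  printf '%s\n' "$ip"
}

# Usage in the job script (variable and alias names taken from the issue):
#   CLAIR_VULNERABILITIES_DB_URL=$(resolve_service_ip clair-vulnerabilities-db) || exit 1
```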