Use FIPS runners in job integration tests of Gemnasium
Proposal
Gemnasium has has job integration using downstream pipelines, including tests for the FIPS variants of its Docker images. These downstream pipelines should use runners where FIPS is enabled.
The normal runners should still be used when testing the non-FIPS images.
Further details
To run job integration tests, Gemnasium uses projects defined in the security-products/tests
project group.
This project group has FIPS runners, and these can be selected by setting the job tags to fips
.
Implementation plan
-
Update the Dependency Scanning QA CI template, and add a CI var that controls the tags of the Dependency Scanning jobs -
Update the job integration tests of Gemnasium, and set that CI var when testing the FIPS images
Edited by Fabien Catteau