container scanning parsing errors when no tag is used
Summary
When running the GitLab container_scanning image, the security report does not parse the image name when a specific image tag is not specified. The regex pattern ^[^:]+(:\d+[^:]*)?:[^:]+$ will not find a match.
Steps to reproduce
- use Security/Container-Scanning.gitlab-ci.yml
- set DOCKER_IMAGE: to image name without tag specified implying latest (ex. httpd vs httpd:latest)
- run pipeline
- move to security tab
- get Error parsing security reports
Example Project
https://gitlab.com/jessie/312435
What is the current bug behavior?
regex fails to parse image name and does not present report
What is the expected correct behavior?
regex parses image name and presents report
Relevant logs and/or screenshots
Output of checks
This bug happens on gitlab.com
Implementation Plan
- backend: If the DOCKER_IMAGE does not include the tag, append the :latest by default either in Gcs::Environment.docker_image or in Gcs::Cli#scan methods.
Edited by Alan (Maciej) Paruszewski
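
The default-tag step from the implementation plan, as an added Ruby example; it is not code from the GitLab container scanning project. The helper names with_default_tag and parseable? are hypothetical, the sample image references are constructed, and leaving digest-pinned references untouched is an assumption that goes beyond what the issue states.

```ruby
# Added illustration; not code from the GitLab container scanning project.

# Pattern quoted in the issue summary.
REPORT_IMAGE_PATTERN = /^[^:]+(:\d+[^:]*)?:[^:]+$/

# Hypothetical helper: appends ":latest" when the reference carries no tag.
def with_default_tag(image_ref, default_tag = 'latest')
  ref = image_ref.to_s.strip
  raise ArgumentError, 'empty image reference' if ref.empty?

  # Assumption: a digest-pinned reference (name@sha256:...) is left as is.
  return ref if ref.include?('@')

  # Only the last path component can carry a tag. A colon earlier in the
  # reference is a registry port, e.g. registry.example.com:5000/httpd.
  last_component = ref.split('/').last.to_s
  return ref if last_component.include?(':')

  "#{ref}:#{default_tag}"
end

# True when the issue's pattern accepts the image reference.
def parseable?(image_ref)
  REPORT_IMAGE_PATTERN.match?(image_ref)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample references.
  %w[httpd httpd:2.4 registry.example.com:5000/httpd].each do |ref|
    fixed = with_default_tag(ref)
    puts format('%-34s parseable=%-5s -> %-40s parseable=%s',
                ref, parseable?(ref), fixed, parseable?(fixed))
  end
end
```

The pattern accepts registry.example.com:5000/httpd even without a tag, because the port and path are read as the tag; normalizing before the scan avoids that misreading as well as the outright failure on httpd.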