OCS should be disabled when Gitlab-Agent is in fips mode
Proposal
Gitlab-agent can work in -fips mode. Right now Operational Container Scanning (OCS) is always enabled by default. OCS works by running the trivy-k8s-wrapper, which is not -fips compliant. For that reason we need to disable OCS when gitlab-agent runs in fips mode.
Implementation plan
- Add the OCS functionality to the list of unsupported fips items
- Add conditional building to gitlab-agent
- Introduce new build tag
Edited by Nick Ilieskou