Inventory of container images used in CI/CD pipelines and components, including security scan and compliance reports
Release notes
Problem to solve
CI/CD jobs can reference container images. These references are often inherited from CI/CD templates or components, and are only visible at runtime, by inspecting the log of the job that runs inside the container image. There is no UI inventory view of all images used in a project, group, or instance.
It is possible with the GitLab API; we wrote some scripts for that requirement. These scripts need to be run on demand by users with specific API permissions, with access to the repository and CI endpoints.
https://about.gitlab.com/blog/2023/03/16/how-gitlab-can-help-mitigate-deletion-open-source-images-docker-hub/#advanced-search-for-images
https://gitlab.com/gitlab-da/use-cases/gitlab-api/gitlab-api-python/-/blob/main/get_all_cicd_job_images.py?ref_type=heads
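As an added illustration of the inventory step such a script has to perform (this is not the linked script's code), the following takes a merged pipeline config as a Python dict, which I assume is loaded from the `merged_yaml` field that GitLab's CI Lint API returns when called with `include_merged_yaml=true`, resolves the image of every runnable job (job-level `image`, the `default` fallback, and `services`), and classifies each reference as digest-pinned, tagged, or unpinned. The jobs and image names in the sample are constructed.

```python
# Constructed sample: a merged pipeline config as a dict, i.e. what yaml.safe_load() returns
# for the `merged_yaml` field of GitLab's CI Lint API (assumption); jobs and images are hypothetical.
DIGEST = "sha256:" + "a" * 64
MERGED_CONFIG = {
    "default": {"image": "python:3.11-slim"},
    "stages": ["build", "test", "deploy"],
    "build": {"image": "docker:24", "services": ["docker:24-dind"], "script": ["docker build ."]},
    "test": {"script": ["pytest"]},                              # inherits the default image
    "audit": {"image": "node", "script": ["npm audit"]},         # no tag: floating reference
    "deploy": {"image": {"name": f"registry.example.com/team/deployer@{DIGEST}",
                         "entrypoint": [""]}, "script": ["./deploy.sh"]},
    ".hidden": {"image": "busybox", "script": ["true"]},         # template job, never runs
}
# Top-level keys that are pipeline settings rather than jobs.
RESERVED = {"default", "stages", "variables", "include", "workflow", "image",
            "services", "before_script", "after_script", "cache"}

def image_name(spec):
    """`image:` and `services:` entries are either a string or a mapping with `name`."""
    if isinstance(spec, str):
        return spec
    return spec.get("name") if isinstance(spec, dict) else None

def pin_status(ref):
    """'digest' (immutable), 'tag', or 'unpinned' (no tag, or :latest)."""
    if "@sha256:" in ref:
        return "digest"
    last = ref.rsplit("/", 1)[-1]      # strip the registry host, which may carry a port
    if ":" in last and not last.endswith(":latest"):
        return "tag"
    return "unpinned"

def inventory(config):
    """Map each runnable job to [(image_ref, role, pin_status), ...]."""
    default_image = image_name(config.get("default", {}).get("image")) or image_name(config.get("image"))
    result = {}
    for job, body in config.items():
        if job in RESERVED or job.startswith(".") or not isinstance(body, dict):
            continue                   # settings and hidden (template) jobs are not runnable
        entries = []
        img = image_name(body.get("image")) or default_image
        if img:
            entries.append((img, "image", pin_status(img)))
        for svc in body.get("services", []):
            name = image_name(svc)
            if name:
                entries.append((name, "service", pin_status(name)))
        result[job] = entries
    return result
```

Filtering the entries for status `unpinned` yields the jobs whose image can change underneath them between runs, which is the list a compliance review would act on first.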
Proposal
For compliance reports and policies, it would be helpful to get an inventory of all used container images, with direct links to their CI/CD config (file) source.
Additional feature request: Where container image scan reports exist, link these vulnerability reports in the overview to allow review and actions.
Intended users
- Priyanka (Platform Engineer)
- Sidney (Systems Administrator)
- Allison (Application Ops)
- Amy (Application Security Engineer)
- Isaac (Infrastructure Engineer)
- Alex (Security Operations Engineer)
- Cameron (Compliance Manager)
Feature Usage Metrics
Does this feature require an audit event?